When should I HTML encode?

When displaying user input or untrusted content in HTML to prevent XSS.

HTML encode vs URL encode?

HTML encode for body content; URL encode for query params and URLs.

It encodes the main five; decoding handles common numeric and named entities.

Encode text to HTML entities or decode HTML entities back to plain text. Handles < > & " and more.

HTMLencodedecodeentitiesescapeXSS

Plain Text

Encoded Output

Output will appear here...

Note: Encoding converts < > & " ' to HTML entities so they display safely in web pages. Decoding reverses this. Not for encryption.

Converts special characters to HTML entities so they display safely in web pages.

< > & " ' — prevents script injection and displays reserved chars.

User-generated content, escaping output, preventing XSS.

Anyone can decode. Use for display safety, not secrecy.

Quick answers about usage, privacy, and best practices.

Privacy: Everything runs locally in your browser. No data is sent to a server.

Encode special characters for URLs or decode percent-encoded strings.

Encode text to Base64 or decode Base64 strings back to plain text.

Format, validate, and beautify JSON with error detection.

Privacy First: This tool runs entirely in your browser. No data is sent to any server.