Base64 Encoder / Decoder
Encode binary or file content as Base64 for safe transport in data URIs, API payloads, or email templates — the encoding complement to HTML entity conversion.
Open toolHome › Tools › Developer Tools › HTML Entity Encoder / Decoder
Encode HTML special characters — <, >, &, ", ' — to safe HTML entities, or decode entities back to plain text. Instant client-side conversion. Common use cases: CMS content, email templates, code snippets. 100% in-browser, nothing stored.
HTML Entity Encoder / Decoder converts between plain text and HTML entity notation instantly. Paste text into the INPUT panel and the encoded output appears in the OUTPUT panel with no delay — no button click, no server round-trip, no data sent anywhere. Developers use it to safely embed user-generated content in HTML templates, to prepare code samples for documentation, and to debug encoded strings from API responses. Email template authors use it to prevent character encoding problems in legacy mail clients. The tool runs entirely in your browser using JavaScript string operations and the browser's native HTML parser.
HTML-safe only encodes the five characters that break HTML structure when present in text content: & (ampersand), < (less-than), > (greater-than), " (double quote), and ' (apostrophe). The ampersand is encoded first — before the other four — to prevent double-encoding. If < were encoded first, the & in the resulting < would be re-encoded to &lt; on any subsequent pass. This is the correct scope for the vast majority of use cases: CMS rich-text fields, email template body content, API response values that will be rendered inside HTML, and code snippets embedded in documentation.
All non-ASCII encodes the same five HTML-structural characters first, then additionally converts every character with a Unicode code point above U+007E (tilde, decimal 126) to a numeric HTML entity (&#N; where N is the decimal code point). Use this scope when the target environment requires strict 7-bit ASCII output. Legacy email transport systems using older SMTP servers, some older CMS fields, and certain HTTP header values are examples where non-ASCII bytes can be stripped, corrupted, or misinterpreted by intermediate systems that do not declare UTF-8 handling correctly.
The decoder uses the browser's own HTML parser via the textarea technique: the encoded string is assigned to a hidden textarea element's value property and read back as .value text. This handles all three entity notations correctly and safely. Named entities like &, , ©, €, and — decode to the correct characters. Numeric decimal entities like   (non-breaking space) and — (em dash) decode correctly. Numeric hexadecimal entities like © (copyright symbol) also decode. No innerHTML assignment is used anywhere in the decode path, so there is no risk of script execution when decoding content that contains <script> tags as entities — the parser never sees them as markup.
The encoder outputs ' for apostrophes rather than the named entity '. This is intentional. ' is defined in XML and XHTML but was not part of the HTML 4.01 specification. Some older HTML parsers and browsers do not recognize it. The numeric form ' works in every HTML context without exception, including old Internet Explorer versions, legacy email clients, and XML parsers that also accept HTML.
The tool accepts up to 100 KB of input text. For larger documents, split the content into sections and encode each separately. All conversion runs synchronously in JavaScript — there is no background processing or queue, so results appear the moment you stop typing.
If < were encoded first to &lt;, the & in that entity would then be encoded to &amp; on a second pass, producing &amp;lt; — double-encoding. Encoding & first means the & in output entities is the final encoded form and cannot be double-encoded on a subsequent pass. The tool always encodes & first.
HTML-safe encodes only the 5 characters that break HTML markup. All non-ASCII additionally converts every character above U+007E to a numeric entity. Use HTML-safe for web content going into a UTF-8 page. Use All non-ASCII for content going through systems that don't handle multi-byte characters correctly — legacy email infrastructure, older CMS fields, HTTP headers on non-UTF-8 servers.
&apos; is defined in XHTML and XML but was not included in HTML 4.01. Some older browsers and parsers reject it. The numeric form &#39; works in every context — HTML4, HTML5, XHTML, XML, and every browser and email client without exception.
Yes. The decoder uses the textarea value-property technique, which passes the string through the browser's entity-parsing layer without ever assigning it to innerHTML. Script tags encoded as entities (&lt;script&gt;) are decoded to the text string <script> — they are never parsed as HTML or executed.
All HTML5 named entities, including &nbsp; (non-breaking space), &copy; (©), &trade; (™), &mdash; (—), &ndash; (–), &laquo; («), and several hundred more. Named entities that existed only in XHTML but not HTML4 are also handled by the browser's HTML parser in modern browsers.
Keep going
Encode binary or file content as Base64 for safe transport in data URIs, API payloads, or email templates — the encoding complement to HTML entity conversion.
Open toolPercent-encode URLs and query string values — use alongside HTML entity encoding when building safe links inside HTML attributes.
Open toolTranslate text to binary and back — covers the ASCII range that HTML-safe encoding also protects, useful for understanding character encoding at the byte level.
Open toolFormat and validate JSON that may contain encoded HTML entities — confirm structure and entity values are correct before embedding in API responses or documentation.
Open toolAlso try
Encode binary or file content as Base64 for safe transport in data URIs, API payloads, or email templates — the encoding complement to HTML entity conversion.
Base64 Encoder / Decoder — encode or decode Base64 strings and filesPercent-encode URLs and query string values — use alongside HTML entity encoding when building safe links inside HTML attributes.
URL Encoder / Decoder — percent-encode URLs and query string valuesTranslate text to binary and back — covers the ASCII range that HTML-safe entity encoding also protects.
Binary Translator — convert text to binary, hex, and back