Something wrong with this tool?
About HTML Entity Encoder Online
This tool converts characters with special meaning in HTML into their entity equivalents. < becomes <, > becomes >, & becomes &, " becomes ", and so on. The result can be safely embedded inside HTML without being interpreted as markup.
HTML encoding is critical for preventing cross-site scripting (XSS) attacks when displaying user-submitted content on a web page. If you don't encode <script> tags before rendering, malicious users can inject and execute JavaScript in other users' browsers.
The tool also supports numeric entity encoding (< instead of <) and named entity encoding for non-ASCII characters (é becomes é), letting you choose the format that best fits your use case.
How to use this tool
How to escape special characters as HTML entities
Paste the text
Drop the plain string into the "Text" field. The tool encodes every character that has a meaning inside HTML: `<`, `>`, `&`, `"`, `'` become `<`, `>`, `&`, `"`, `'`.
Press Run
Result returns a single `encoded` field. The output is safe to paste into HTML body text, attribute values (when wrapped in `"`), and most templating engines that don't auto-escape.
What it doesn't cover
JavaScript string literals, CSS selectors, and URL components have different escaping rules — don't use HTML entity encoding for those. For attribute values like `onclick="…"`, you also need JS escaping inside the string.
Round-tripping
Run the output through `html-entity-decoder` to confirm round-trip safety. Repeated encoding double-escapes: `&` becomes `&amp;`. If you see `&lt;` in rendered HTML, something already-encoded got re-encoded.