HTML Entity Encoder / Decoder

Paste a string, get an entity-encoded version (or do the reverse). Five encoder modes — xml-safe, named, all, decimal, and hex — plus a decoder that handles &name;, &#NNN;, and &#xHHH; references with or without a trailing semicolon. Live, in your browser, no upload.

Direction
Encoder mode
0 chars

Common references

Click any cell to load it into the input box.

Notes

XML-safe
Escape only the five characters that XML and HTML markup require (&, <, >, ", '). Everything else passes through verbatim. This is the right mode for embedding untrusted text into an attribute or text node when you don't need full safety.
Named
Use a named entity reference whenever the codepoint has one (&copy; for ©, &mdash; for —). Characters without a registered name pass through as-is. Smallest output for human-readable markup.
All
Like "named" but every other codepoint is emitted as a decimal numeric reference (&#65;). Useful when you want a single canonical form regardless of which characters happen to be in the string.
Decimal
Always emit &#NNNN; references, even for characters that have a named form. Guaranteed portable across every HTML processor.
Hex
Always emit &#xHHHH; references. Same guarantees as decimal, just smaller for high codepoints.
Escape whitespace
By default, newlines, tabs, and carriage returns pass through as raw characters. Tick the box to entityise them (&#10;, &#9;, &#13;) so a downstream renderer can't normalise them away.
Decode
Resolves every entity form back into characters: &name;, &#NNN;, &#xHHH;, and the same three without a trailing semicolon. Unknown references and stray ampersands are left alone.
Case sensitivity
Named references are case-sensitive — &COPY; and &copy; are both defined (both decode to ©). The encoder always emits the short lowercase form.
Surrogate code points
Numeric references to U+D800…U+DFFF (the surrogate range) are rejected on decode because those are not valid Unicode scalar values.