HTML Encode Text Online

HTML encoding converts special characters to their HTML entity equivalents, making them safe to display in HTML without being interpreted as HTML markup. This is critical for security — displaying user-supplied text in HTML without encoding it opens the door to Cross-Site Scripting (XSS) attacks. Characters like < (less-than), > (greater-than), & (ampersand), and quotes are given special meaning by HTML parsers and must be escaped when you want them displayed as literal characters. This tool converts these characters to their HTML entities: & becomes &amp;, < becomes &lt;, > becomes &gt;, and " becomes &quot;. The encoded text can be safely embedded in HTML pages, email templates, and any context where HTML is rendered.


FAQ

Why is HTML encoding important for security?
Without HTML encoding, user-supplied text containing <script> tags can execute arbitrary JavaScript in the victim's browser (XSS). Encoding converts < to &lt; so the browser displays it as text, not markup.
Which characters are encoded?
At minimum: & → &amp;, < → &lt;, > → &gt;, " → &quot;, ' → &#39;. Extended encoding also converts non-ASCII characters to their numeric entity form like &#233; for é.
When should I use HTML encoding vs URL encoding?
Use HTML encoding when inserting text into HTML content or attributes. Use URL encoding when inserting text into URLs or query parameters. They are different encoding schemes for different contexts.
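
The mappings and the HTML-versus-URL distinction from the FAQ above, as an added JavaScript example (not this tool's own code). The function names and sample strings are constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample input.
const BASIC_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Minimum encoding. A single pass over the input means an "&" written by
// one replacement is never picked up and encoded a second time.
function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => BASIC_ENTITIES[ch]);
}

// Extended encoding: every non-ASCII code point becomes a decimal numeric
// entity. The "u" flag matches whole code points, so a character outside
// the BMP (an emoji) yields one entity instead of two surrogate halves.
function htmlEncodeExtended(text) {
  return htmlEncode(text).replace(
    /[^\x00-\x7F]/gu,
    (ch) => `&#${ch.codePointAt(0)};`
  );
}

// Context matters: a value placed in a query parameter is URL-encoded
// first, then the finished URL is HTML-encoded because it sits inside an
// attribute. The visible link text only needs HTML encoding.
function searchLink(query) {
  const href = "/search?q=" + encodeURIComponent(query) + "&page=1";
  return `<a href="${htmlEncode(href)}">${htmlEncode(query)}</a>`;
}

const sample = `<script>alert("x")</script> & café`; // constructed input
console.log(htmlEncode(sample));
console.log(htmlEncodeExtended(sample));
console.log(searchLink(`a&b="c"`));
```
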
