HTML Entity Encoder/Decoder
Escape or unescape HTML entities to keep content safe or readable. Runs entirely in your browser.
All processing runs locally in your browser.
Tip: encode before embedding user input; decode to review stored entities.
Stats
Input length
--
Output length
--
Entities
--
Time
--
Change
--
History
Run a transform to build history.
Output
Result will appear here.
Batch mode
Upload .txt or .html files, process with current settings, and download results.
No batch results yet.
API snippets
Copy ready-to-use encode/decode helpers for your app.
type EncodeMode = "named" | "numeric" | "hex";
const NAMED = {
"&": "&",
"<": "<",
">": ">",
'"': """,
"'": "'",
"\u00A0": " ",
};
const UNSAFE = new Set(["&", "<", ">", '"', "'"]);
const ENTITY_RE = /&(#x[0-9a-fA-F]+|#\d+|amp|lt|gt|quot|apos|nbsp);/g;
export function encodeHtml(text: string, options: { mode?: EncodeMode; unsafeOnly?: boolean; includeSlash?: boolean } = {}): string {
const { mode = "named", unsafeOnly = true, includeSlash = false } = options;
let out = "";
for (const ch of text) {
const isUnsafe = UNSAFE.has(ch) || (includeSlash && ch === "/");
if (unsafeOnly && !isUnsafe) {
out += ch;
continue;
}
if (mode === "named" && NAMED[ch]) {
out += NAMED[ch];
continue;
}
const cp = ch.codePointAt(0);
if (cp === undefined) {
out += ch;
continue;
}
out += mode === "hex" ? `&#x${cp.toString(16)};` : `&#${cp};`;
}
return out;
}
export function decodeHtml(text: string): string {
return text.replace(ENTITY_RE, (match, body) => {
if (body.startsWith("#")) {
const isHex = body[1]?.toLowerCase() === "x";
const numberText = isHex ? body.slice(2) : body.slice(1);
const cp = parseInt(numberText, isHex ? 16 : 10);
if (!Number.isFinite(cp) || cp < 0 || cp > 0x10ffff) return match;
try {
return String.fromCodePoint(cp);
} catch {
return match;
}
}
const decode = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", nbsp: "\u00A0" };
return decode[body] ?? match;
});
}How to use
- Choose encode or decode, paste your text, and run (auto-run is on by default).
- Use Trim input to remove leading/trailing whitespace before processing.
- Copy or download the result; large inputs show a warning.
FAQ & privacy
Does this run locally? Yes, all processing happens in your browser.
Why encode? Encoding prevents browsers from treating user input as markup (avoids XSS/layout issues).
Is this a sanitizer? No. Encoding is for safely displaying text in HTML, not sanitizing unsafe HTML.
Big inputs? Very large inputs may be slower; you’ll see a warning so you can decide.