Documentation
How to use this tool, practical use cases, and technical notes.
The HTML Entity Encoder/Decoder has a clean two-panel interface — input on the left, output on the right — with two operating modes and several power-user options. Here is a complete walkthrough of every feature.
Step 1 — Choose Your Mode
The tool opens in Encode mode by default. Select the appropriate mode at the top of the workspace before entering your text:
Mode | What It Does | When to Use |
|---|---|---|
Encode to HTML entities | Converts plain text or raw HTML into HTML entity representations | Sanitizing user input, preparing text for HTML display, crafting encoded payloads |
Decode from HTML entities | Converts HTML entity strings back into their original characters | Reversing encoded output, reading obfuscated HTML, debugging double-encoded content |
Step 2 — Enter Your Input
Type or paste your content into the left panel (labeled "Plain text / HTML" in Encode mode, or the entity input in Decode mode). The input field accepts:
Plain text with special characters
Full HTML markup snippets
Mixed content (text + markup)
Numeric entities (decimal or hex) when in Decode mode
Named entities when in Decode mode
Input size: The tool handles content of any practical length. For very large inputs (multi-megabyte HTML files), browser performance may vary — for bulk operations on large files, a server-side script is more appropriate.
Step 3 — Configure Options
Before running the conversion, check the available options:
Option | What It Does | Default | When to Enable |
|---|---|---|---|
Live mode | Processes input as you type, with no button click needed | Off | Quick single-character lookups; interactive exploration |
Encode non-ASCII as numeric entities | Forces all non-ASCII characters (accented letters, symbols, non-Latin scripts) to be encoded as | Off | When targeting environments that cannot reliably handle UTF-8; legacy system compatibility; maximum encoding coverage for security testing |
Step 4 — Run the Conversion
If Live mode is off, click the Encode or Decode button to process your input. The result appears instantly in the right panel.
Step 5 — Use Power Features
Swap: Click the Swap button to flip the input and output — useful when you want to immediately decode something you just encoded, or to iterate on a payload.
Clear: Resets both panels to empty, ready for a new input.
Common HTML entities panel: Eight pre-built entity buttons appear below the main panels. Click any to insert it directly into your input:
Button | Entity | Character |
|---|---|---|
| Ampersand | & |
| Less than | < |
| Greater than | > |
| Double quote | " |
| Apostrophe | ' |
| Non-breaking space | (space) |
| Copyright | © |
| Registered | ® |
Quick examples panel: Six pre-loaded example inputs demonstrate common scenarios:
Example | Mode | Input | What It Demonstrates |
|---|---|---|---|
HTML tag | Encode |
| Full tag encoding including attributes |
Quotes | Encode |
| Quote and ampersand encoding |
Script snippet | Encode |
| XSS payload encoding for security testing |
Basic entities | Decode |
| Named entity decoding |
Numeric | Decode |
| Decimal numeric entity decoding (spells "Hello") |
Mixed | Decode |
| Mixed named and numeric entity decoding |
Step 6 — Copy and Use Your Output
Select and copy the output from the right panel, or use your browser's standard copy shortcut. The output can be pasted directly into:
HTML templates and source code
Security testing tool inputs (Burp Suite Repeater, OWASP ZAP)
CMS content editors
Markdown or documentation files
Bug report write-ups
Understanding Encode Output: What Gets Encoded?
When you run the Encode function, here is exactly what the tool converts:
Character Type | Default Behavior | With "Encode non-ASCII" Enabled |
|---|---|---|
| Always encoded to named/numeric entities | Same |
ASCII printable characters (letters, digits) | Passed through unchanged | Passed through unchanged |
ASCII control characters | Encoded as numeric entities | Encoded as numeric entities |
Accented Latin characters (é, ñ, ü) | Passed through as UTF-8 | Encoded as |
Currency symbols (€, £, ¥) | Passed through as UTF-8 | Encoded as numeric entities |
Non-Latin scripts (Arabic, Chinese, Cyrillic) | Passed through as UTF-8 | Encoded as numeric entities |
Emoji | Passed through as UTF-8 | Encoded as numeric entities |
The HTML Entity Encoder/Decoder has a clean two-panel interface — input on the left, output on the right — with two operating modes and several power-user options. Here is a complete walkthrough of every feature.
Step 1 — Choose Your Mode
The tool opens in Encode mode by default. Select the appropriate mode at the top of the workspace before entering your text:
Mode | What It Does | When to Use |
|---|---|---|
Encode to HTML entities | Converts plain text or raw HTML into HTML entity representations | Sanitizing user input, preparing text for HTML display, crafting encoded payloads |
Decode from HTML entities | Converts HTML entity strings back into their original characters | Reversing encoded output, reading obfuscated HTML, debugging double-encoded content |
Step 2 — Enter Your Input
Type or paste your content into the left panel (labeled "Plain text / HTML" in Encode mode, or the entity input in Decode mode). The input field accepts:
Plain text with special characters
Full HTML markup snippets
Mixed content (text + markup)
Numeric entities (decimal or hex) when in Decode mode
Named entities when in Decode mode
Input size: The tool handles content of any practical length. For very large inputs (multi-megabyte HTML files), browser performance may vary — for bulk operations on large files, a server-side script is more appropriate.
Step 3 — Configure Options
Before running the conversion, check the available options:
Option | What It Does | Default | When to Enable |
|---|---|---|---|
Live mode | Processes input as you type, with no button click needed | Off | Quick single-character lookups; interactive exploration |
Encode non-ASCII as numeric entities | Forces all non-ASCII characters (accented letters, symbols, non-Latin scripts) to be encoded as | Off | When targeting environments that cannot reliably handle UTF-8; legacy system compatibility; maximum encoding coverage for security testing |
Step 4 — Run the Conversion
If Live mode is off, click the Encode or Decode button to process your input. The result appears instantly in the right panel.
Step 5 — Use Power Features
Swap: Click the Swap button to flip the input and output — useful when you want to immediately decode something you just encoded, or to iterate on a payload.
Clear: Resets both panels to empty, ready for a new input.
Common HTML entities panel: Eight pre-built entity buttons appear below the main panels. Click any to insert it directly into your input:
Button | Entity | Character |
|---|---|---|
| Ampersand | & |
| Less than | < |
| Greater than | > |
| Double quote | " |
| Apostrophe | ' |
| Non-breaking space | (space) |
| Copyright | © |
| Registered | ® |
Quick examples panel: Six pre-loaded example inputs demonstrate common scenarios:
Example | Mode | Input | What It Demonstrates |
|---|---|---|---|
HTML tag | Encode |
| Full tag encoding including attributes |
Quotes | Encode |
| Quote and ampersand encoding |
Script snippet | Encode |
| XSS payload encoding for security testing |
Basic entities | Decode |
| Named entity decoding |
Numeric | Decode |
| Decimal numeric entity decoding (spells "Hello") |
Mixed | Decode |
| Mixed named and numeric entity decoding |
Step 6 — Copy and Use Your Output
Select and copy the output from the right panel, or use your browser's standard copy shortcut. The output can be pasted directly into:
HTML templates and source code
Security testing tool inputs (Burp Suite Repeater, OWASP ZAP)
CMS content editors
Markdown or documentation files
Bug report write-ups
Understanding Encode Output: What Gets Encoded?
When you run the Encode function, here is exactly what the tool converts:
Character Type | Default Behavior | With "Encode non-ASCII" Enabled |
|---|---|---|
| Always encoded to named/numeric entities | Same |
ASCII printable characters (letters, digits) | Passed through unchanged | Passed through unchanged |
ASCII control characters | Encoded as numeric entities | Encoded as numeric entities |
Accented Latin characters (é, ñ, ü) | Passed through as UTF-8 | Encoded as |
Currency symbols (€, £, ¥) | Passed through as UTF-8 | Encoded as numeric entities |
Non-Latin scripts (Arabic, Chinese, Cyrillic) | Passed through as UTF-8 | Encoded as numeric entities |
Emoji | Passed through as UTF-8 | Encoded as numeric entities |