TextArray
100% local

HTML entities encode and decode

Escape HTML special characters or turn entities back into readable text.

Input
Output

HTML entities encode and decode

Five characters carry structural meaning in HTML — & < > " and ' — so any text that contains them has to be escaped before it can be shown as content rather than interpreted as markup. Paste text to escape it, or paste escaped markup to read it back in plain form. It is the quickest way to prepare a code sample for a blog post, drop user text into a template safely, or decode a feed export where every apostrophe arrived as &#39;.

The scope selector controls how much gets escaped. "Reserved only" touches just the five special characters and leaves everything else — accented letters, symbols, emoji — as literal UTF-8, which is the right choice for any modern page served as UTF-8. "Reserved + non-ASCII" additionally converts every character above the ASCII range into a numeric entity like &#353;, which is what you want for legacy systems, email templates or environments where the character encoding is uncertain.

Decoding is broader than encoding on purpose. It recognises the roughly 120 named entities you actually meet in the wild — &nbsp; &copy; &mdash; &hellip; &eacute; &scaron; arrows, Greek letters, currency and maths symbols — plus every numeric form, both decimal &#123; and hexadecimal &#x1F600;, including astral characters like emoji. Unknown named entities are left exactly as they are rather than being silently dropped, so nothing is lost.

Everything runs in your browser with no markup parser and no DOM involved, so pasting untrusted HTML here cannot execute anything. Nothing is uploaded — the text stays on your device. The tally under the output counts how many entities were written or resolved.

FAQ

Which characters does encoding escape?
The five reserved ones: & < > " and '. With "Reserved + non-ASCII" every character above code point 127 also becomes a numeric entity.
Do I need to escape accented letters and emoji?
Not on a modern UTF-8 page — "Reserved only" is enough. Use "Reserved + non-ASCII" for legacy systems or email templates where the encoding is unreliable.
Which entities can it decode?
Around 120 common named entities plus all numeric forms, decimal and hexadecimal, including emoji. Named entities it does not recognise pass through unchanged.
Does escaping HTML make user input safe?
Escaping these characters is the core defence when inserting text into HTML content, but context matters — attributes, URLs and script blocks need their own handling.
Is my text uploaded anywhere?
No. The tool runs entirely in your browser and your text never leaves your device. No markup is parsed or executed.