Encode special characters to HTML entities or decode entities back to characters.
| Character | Entity | Name |
|---|---|---|
| < | < | Less than |
| > | > | Greater than |
| & | & | Ampersand |
| " | " | Double quote |
| ' | ' | Single quote |
| | Non-breaking space |
Convert special characters into HTML entities and back: < becomes <, & becomes &, quotes and angle brackets become their safe equivalents. Decoding reverses it, turning entity soup from a scraped page or CMS export back into readable text.
Everything runs locally in your browser — nothing you paste is sent anywhere.
You want to show the snippet <a href="page.html">link</a> in a blog post. Pasted raw into your HTML, the browser renders an actual link. Run it through the encoder and you get the escaped form — paste that into your page and readers see the code itself instead of a rendered link.
Five do the heavy lifting: < and > (they open and close tags), & (it starts entities), and the two quote characters (they terminate attribute values). Encode those and text is safe to place in normal HTML content or attributes.
Both represent an apostrophe. ' is the numeric form and works everywhere; ' is a named entity that was technically absent from HTML 4, so older tooling sometimes chokes on it. When in doubt, numeric entities are the safer output.
It's the correct first step for HTML contexts, but context matters: text going into a JavaScript string, a URL, or a CSS value each needs its own escaping rules. Entity encoding alone doesn't cover those.
It was encoded twice — usually a sign that some layer in your pipeline already escaped it. Decode twice to recover the original, then find and remove the redundant encoding step.