HTML Encode
Escape special characters into HTML entities so they render as text, not markup.
About the HTML Encoder
If you want to show literal code or markup on a web page, characters like <, >, & and quotation marks have to be escaped, otherwise the browser will try to render them as tags. This tool converts those reserved characters into their HTML entities - for example < becomes < - so your text displays exactly as written.
How to use it
- Paste the text or snippet you want to display safely.
- The escaped, entity-encoded version updates as you type.
- Copy it into your HTML source where it will render as plain text.
The classic use case is a tutorial or blog post that needs to show example code without it being executed. Escaping the angle brackets and ampersands is also the basic defence against breaking your page layout when displaying user-supplied text. This tool focuses on the core reserved characters rather than every named entity, and it works entirely in your browser, so your content is never uploaded.
Frequently asked questions
Which characters does HTML encoding escape?
It escapes the characters that have special meaning in HTML: < becomes <, > becomes >, & becomes &, and quotation marks become " or '. Other text is left unchanged.
Why do I need to encode HTML at all?
Without escaping, a browser interprets < and > as tags, so example code would render or break the layout. Encoding makes the browser display the characters literally instead.
Is HTML encoding enough to prevent XSS?
Escaping reserved characters in text content is an important first step, but full XSS protection also depends on context, such as attributes and scripts. Use a vetted templating library for untrusted input in production.
Does my text leave the browser?
No. The encoding runs locally, so nothing you paste is sent to a server.