HTML Entities Encode / Decode
Encode special characters to HTML entities (<, &, ©...) and decode them back. Reference table included. Runs 100% in your browser.
HTML encoding lets special characters (< > &) display as text instead of being parsed as tags. Useful when pasting code/AI output into HTML, or previewing in a blog.
Common entities reference
| Char | Named | Numeric | Description |
|---|---|---|---|
| < | < | < | Less than |
| > | > | > | Greater than |
| & | & | & | Ampersand |
| " | " | " | Double quote |
| ' | ' | ' | Apostrophe |
| © | © | © | Copyright |
| ® | ® | ® | Registered |
| ™ | ™ | ™ | Trademark |
| € | € | € | Euro |
| £ | £ | £ | Pound |
| ¥ | ¥ | ¥ | Yen |
| ° | ° | ° | Degree |
| ± | ± | ± | Plus-minus |
| × | × | × | Multiplication |
| ÷ | ÷ | ÷ | Division |
| → | → | → | Right arrow |
| ← | ← | ← | Left arrow |
| |   | Non-breaking space |
When you need HTML encoding
- Display code/text on a web page: pasting
<div>into HTML would render as a real tag — encode to<div>to show it as text. - Embed AI output in a blog: ChatGPT/Claude outputs containing
<,>need encoding to render correctly. - URL query strings:
&in a URL must be escaped to&so it isn't parsed as a separator. - XSS prevention: encoding user input before injecting it into HTML is the most basic XSS defence.
- HTML email: email clients are strict — encoding avoids broken templates from special characters.
Three entity formats
- Named:
< & ©— most readable, but not all characters have a name. - Decimal:
<— universal, supported in every browser. - Hex:
<— compact for high Unicode (emoji, CJK).
Tips
- Toggle "Encode all non-ASCII" for maximum safety — Vietnamese, emoji, CJK all become numeric entities.
- By default only the 5 critical chars are encoded (
< > & " ') — enough for 95% of use cases. - Auto-decode happens as you paste into the right box — no button click needed.
Who this is for
Fullstack/backend/devops engineers — debug JWT, format JSON/SQL, parse cURL, compute CIDR subnets, draft Mermaid diagrams, write conventional commits… Daily toolkit alongside your terminal and editor.
FAQ
Is my pasted code/token sent anywhere?
No. All TopDev dev tools run 100% client-side — JWT, SQL, JSON, cURL, regex… process in-browser. Disconnect to verify. Safe for internal tokens, production DB queries, API keys.
Does it work offline / install as a PWA?
Tools work offline after the first load. Installable PWA is on the roadmap — for now you can bookmark and use without internet.
Related tools
See all tools →JWT Decoder
Decode JWT tokens — header, payload, claims with readable timestamps.
NEWText Diff
Paste 2 texts → highlight diffs at word/line/char level. Great for diffing AI outputs.
NEWJSON Schema Generator
Generate JSON Schema (Draft-07) from a sample — for LLM structured output and API validation.
NEWJSON Formatter
Format / minify / validate JSON. Sort keys A-Z, custom indent, Ctrl+Enter shortcut.