Certain characters carry special meaning in HTML. A less-than sign starts a tag, an ampersand starts an entity, and quotes delimit attributes. When you want those characters to appear as text instead of being interpreted as markup, you escape them into HTML entities. The ToolOrbit HTML Entity Encode/Decode tool handles named, decimal, and hexadecimal entities in both directions.
What HTML entities are
An entity is a stand-in for a character, written as an ampersand, a code, and a semicolon. The same character can usually be expressed three ways: a memorable named form, a decimal numeric form, or a hexadecimal numeric form. All three render identically in the browser.
Tom & Jerry in bold tags becomes escaped entities named: copyright decimal: 169 hex: A9
Why escaping matters
- Security: escaping user input is a primary defense against cross-site scripting (XSS)
- Correctness: an unescaped < or & can silently break your page layout
- Display: showing code samples requires escaping the tags so they appear as text
- Attributes: escaping quotes prevents user data from breaking out of an attribute
Using the tool
Paste raw text to encode it into safe entities, or paste entity-laden HTML to decode it back into readable characters. Decode mode is great for cleaning up content scraped from a page or stored in a database where everything was over-escaped. All conversion runs privately in your browser.
Common mistakes
Do not double-escape: turning an already-escaped ampersand into a doubly-escaped one produces visible garbage on the page. Equally, do not rely on manual escaping for security in templates that already auto-escape, or you may end up with both. Understand whether your framework escapes for you, and let this tool handle the one-off conversions and debugging.