DevToolsBox

HTML Entity Encoder Online

Free online HTML entity encoder that escapes markup characters before rendering untrusted text.

Ad Space

Free online HTML entity encoder that escapes markup characters before rendering untrusted text.

How it works
This tool converts characters like <, >, &, and quotes into HTML entities. It helps safely display untrusted text inside HTML.
Example
Input:
<script>alert("x")</script>

Output:
&lt;script&gt;alert(&quot;x&quot;)&lt;/script&gt;
FAQ
Does encoding prevent XSS?
Encoding helps when outputting text into HTML, but correct escaping depends on context (HTML, JS, URL). Use context-appropriate escaping.
What characters should I always encode?
At minimum encode &, <, >, ", and ' when inserting untrusted text into HTML.
Ad Space
Related Tools
← Back to all tools