HTML Encoder/Decoder
Encode and decode HTML entities to safely display HTML in web pages.
What HTML entity encoding is really preventing
When you insert user text into HTML, you must escape characters like <, >, and & so the browser does not treat them as markup. Encoding is a core defense against some cross-site scripting (XSS) issues when you must render untrusted text. It is a developer hygiene step, not the whole security story.
When to encode vs decode here
Encode to prepare a string for safe HTML insertion. Decode to read a string that is currently escaped, such as an attribute value in a test fixture. If you are building production apps, prefer framework auto-escaping, templating features, and vetted sanitizer libraries where appropriate over a one-off manual escaping step.
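The encode and decode directions described above, as an added JavaScript example (not this tool's own code; the names `encodeHtml` and `decodeHtml` are assumptions). It escapes the five characters relevant to element text and quoted attribute values, and decodes in a single pass so that an escaped entity such as `&amp;lt;` comes back as the literal text `&lt;` rather than as markup.

```javascript
// Added example: minimal HTML entity encoder/decoder (illustrative only).
const ENCODE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Assumption: only this small subset of named entities is supported.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };

// Escape the characters the browser would otherwise treat as markup or
// as the end of a quoted attribute value.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE_MAP[ch]);
}

// Decode named (subset) and numeric references in ONE pass.
// Unknown names and invalid code points are left exactly as written.
function decodeHtml(text) {
  const pattern = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);/g;
  return String(text).replace(pattern, (match, body) => {
    if (body[0] !== '#') {
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const hex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    const isSurrogate = code >= 0xd800 && code <= 0xdfff;
    const valid = code > 0 && code <= 0x10ffff && !isSurrogate;
    return valid ? String.fromCodePoint(code) : match;
  });
}

// Constructed sample input: untrusted text containing markup characters.
const untrusted = '<a href="x">Tom & Jerry\'s</a>';
const encoded = encodeHtml(untrusted);
console.log(encoded);
console.log(decodeHtml(encoded) === untrusted);

// Encoding twice is a common bug: the user then sees "&amp;" on the page.
console.log(encodeHtml(encodeHtml('&')));
```

This escaping fits HTML text and quoted attribute values only; script, URL, and CSS contexts have different rules.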
Cautions
Do not paste production secrets or personal data into a browser tool on shared computers. The tool is for development and content preparation.