Back to home
Text
HTML Encode
Escape special HTML characters
Runs locally in your browser
Input
Output
—
How it works
Escapes HTML special characters so user-supplied text can be displayed safely on a web page without being interpreted as markup.
Who it's for: Developers preventing XSS in templates, technical writers embedding code samples in CMS HTML, and support staff sanitizing pasted content
Converts <, >, &, quotes, and related characters to HTML entities like < and &.
Prevents accidental script execution when rendering untrusted strings.
Outputs entity-safe text ready for insertion into HTML body content.
How to use
- Paste HTML or plain text that contains special characters into Input.
- Review the escaped entities in the Result panel.
- Copy the encoded string into your template, JSON payload, or CMS source view.
- Preview in a browser to confirm angle brackets display as text, not tags.
Good to know
- Encode at output time in production apps—encoding twice shows literal < to users.
- Attribute contexts may need additional quoting rules beyond basic entity escape.
- This tool escapes for text content—not a full HTML sanitizer for rich markup.