All Tools VerseHTML entities are codes that let you show characters which would otherwise break a web page, so a less-than sign is written as < and an ampersand as &. They keep the browser from reading those characters as markup. This guide explains how entities work, the difference between named and numeric forms, and free tools to encode and decode them safely.
In this guide
What HTML entities are
An HTML entity is a stand-in for a character, starting with an ampersand and ending with a semicolon. The browser sees the entity and displays the real character instead. The most common reason is to show characters that have meaning in HTML, such as the angle brackets around tags, without the browser treating them as code. The character codes behind entities come from the same Unicode scheme covered in our text encoding guide.
Why they are needed
A browser reads a less-than sign as the start of a tag. If you want to display that sign as text, you must write < or the page breaks. The same applies to the ampersand itself and, inside attributes, to quotes. Encoding these characters as entities is also a core defence against cross-site scripting, because it stops user input from being read as live markup.
Named and numeric forms
Entities come in two styles. Named entities are readable shortcuts such as © for the copyright sign and & for the ampersand. Numeric entities use the character’s code point, such as © for the same copyright sign, and work for any character even when no name exists. Numeric entities are the safe general choice, while named ones are friendlier for the common handful.
Encode and decode entities
To make text safe for HTML, you encode the risky characters into entities. The text to HTML entities converter does this, and the HTML entity escaper focuses on the characters that must be escaped. Going the other way, the HTML entities to text converter turns entities back into the characters they represent, which is useful when reading scraped or stored markup.
When you need them
Entities matter any time text is placed into a web page: displaying code samples, escaping user comments, embedding special symbols, and cleaning content pulled from other sources. Knowing when to encode keeps pages from breaking and keeps user input from turning into an attack. It is a small habit that prevents a large class of bugs.
Free tools used in this guide
Frequently asked questions
What is an HTML entity?
A code starting with an ampersand and ending with a semicolon that the browser displays as a specific character, such as < for a less-than sign.
Why write < instead of the less-than sign?
Because the browser reads a bare less-than sign as the start of a tag, so showing it as text requires the entity or the page breaks.
What is the difference between named and numeric entities?
Named entities are readable shortcuts such as ©, while numeric entities use the code point such as © and work for any character.
Do HTML entities help with security?
Yes. Encoding user input as entities stops it from being read as live markup, which is a core defence against cross-site scripting.
How do I decode entities back to text?
Run the markup through an HTML entities to text converter, which replaces each entity with the character it represents.