OS Garage

Encoding Tool

HTML Encoder Online

Convert special characters to HTML entities for safe rendering.

Features

Encodes All 5 Critical Characters

Converts &, <, >, ", and ' to their safe entity equivalents.

XSS Prevention Ready

Properly encoded output cannot be interpreted as HTML markup by browsers.

Preserves Whitespace & Structure

Newlines, spaces, and non-HTML-special characters pass through unchanged.

How to Use

  1. 1

    Enter text with HTML characters

    Paste any user content or string containing <, >, &, or quotes.

  2. 2

    See HTML-safe output

    All special characters are replaced with &entity; equivalents.

  3. 3

    Use in HTML templates

    Paste the encoded output safely into HTML without risk of injection.

Examples

XSS prevention

Input

<script>alert("xss")</script>

Output

&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;

HTML in text

Input

5 < 10 & 10 > 5

Output

5 &lt; 10 &amp; 10 &gt; 5

Common Questions

Yes — HTML encoding, HTML escaping, and HTML entity encoding all refer to the same operation: converting special HTML characters to their entity equivalents.

Yes. React automatically escapes all values rendered with JSX expressions {}. However, dangerouslySetInnerHTML bypasses this and requires manual encoding.

HTML encoding converts characters to &entity; format for safe HTML rendering. URL encoding converts characters to %XX format for safe URL transmission. They serve different purposes and should not be mixed.

Related Tools

HTML DecodeURL EncodeBase64 EncodeAll Tools →