en

Encode HTML

Convert special characters into HTML entities (& to &amp;, < to &lt;) - safe against broken markup, locally in your browser, no upload.

Running locally on your device ...

0%

Your files never left your device

    Is my file uploaded?

    No. Everything runs in your browser - your file never leaves your device. How this is verifiable

    No upload100% local
    Your content stays with youno third-party access
    Servers in GermanyGDPR by design
    Independently auditedTLS A+ · HTTP headers A+

    In HTML some characters have a special meaning: the angle brackets delimit tags, the ampersand starts an entity, quotation marks delimit attribute values. If you write these characters unchanged into a page, the markup breaks or a security hole appears. This tool replaces the five critical characters with their HTML entities, so the text appears as plain content and is not interpreted as code.

    Specifically & becomes &amp;, < becomes &lt;, > becomes &gt;, the double quotation mark becomes &quot; and the single one &#39;. Exactly these five replacements are enough to embed text safely into HTML content or attribute values - the same protection web frameworks apply when outputting user input to prevent cross-site scripting. The reverse direction is handled by the HTML decode tool.

    Encoding runs entirely locally in your browser in pure JavaScript - your text is not uploaded, not stored, and no foreign library is loaded from a CDN. You can download the result as a text file or copy it straight into your HTML source.

    Specifications

    Specifications
    Input formatsText input
    Output formatTXT
    Batch processingNo
    ProcessingLocally in your browser (JavaScript)
    File uploadNone

    In 3 steps

    1. Paste the text into the text field.
    2. Click encode.
    3. Read or download the encoded text.

    Limitations: The tool replaces the five HTML-critical characters (& < > " single quote); other characters stay unchanged, because modern pages use UTF-8 and need no further encoding. It is an aid, not a complete security filter: the duty to escape context-appropriately stays with the embedding. Very large texts are limited by your device memory.

    FAQ

    Is my text uploaded?

    No. Encoding runs entirely locally in your browser; your text never leaves your device and is not stored.

    Which characters are replaced?

    The five HTML-critical ones: & becomes &amp;, < becomes &lt;, > becomes &gt;, the double quotation mark becomes &quot; and the single one &#39;.

    Does this protect against cross-site scripting?

    It is the same basic protection frameworks apply when outputting. It does not fully replace context-appropriate escaping when embedding, though; treat it as an aid.

    How do I reverse the encoding?

    With the HTML decode tool: it turns the entities back into the original characters.

    Related tools