Unencoded user input inserted into HTML can be interpreted as code, enabling XSS attacks. Always encode untrusted content before rendering it in the browser.

</>

HTML Encoder

Encode special characters to HTML entities or decode them back.

Input

Common entities

™

€

HTML Encoding and XSS Prevention

Cross-site scripting (XSS) occurs when an attacker injects script tags or event handlers into a web page. HTML encoding converts < to < and > to >, preventing the browser from interpreting injected content as executable HTML.

Frequently Asked Questions

Related Tools

🌐

URL Encoder

Encode or decode URLs and query string parameters.

🔐

Base64 Encoder

Encode text to Base64 or decode Base64 back to text.

🗜️

CSS Minifier

Minify CSS to reduce file size or prettify to improve readability.

{ }

JSON Formatter

Format, validate and minify JSON in your browser.