AIStacker

HTML Entity Encoder / Decoder

Encode special characters to HTML entities or decode entities back to readable text. Runs entirely in your browser.


Quick Reference — Common HTML Entities

Character              Entity
<                      &lt;
>                      &gt;
&                      &amp;
"                      &quot;
'                      &#39;
/                      &#x2F;
©                      &copy;
®                      &reg;
™                      &trade;
€                      &euro;
(non-breaking space)   &nbsp;
(em dash)              &mdash;

Problems this tool solves

How do I display HTML code as text on a webpage?

Encode the HTML code with this tool, then wrap the output in a <pre> or <code> element. The &lt; and &gt; entities will render as visible angle brackets instead of being interpreted as tags by the browser.

Does encoding HTML entities prevent XSS?

Encoding user input before inserting it into HTML is one of the primary defenses against reflected and stored XSS. By converting < to &lt; and > to &gt;, any injected script tags become inert text. However, context matters — encoding for HTML is different from encoding for JavaScript strings or URL parameters.

Why does & in a URL break HTML validation?

HTML parsers treat & as the start of an entity reference. An unencoded & in an href attribute like href="a?x=1&y=2" is technically invalid HTML. Encode it as href="a?x=1&amp;y=2" to make the markup valid. Modern browsers handle both, but validators and strict parsers require encoding.

How do I read HTML entity-encoded content from an email or API response?

Switch to Decode mode and paste the encoded string. The tool uses the browser's native HTML parser to resolve all entities — named, decimal, and hexadecimal — back to their original characters. This is faster and more accurate than manual entity lookup.

How do I add a non-breaking space in HTML?

Use the &nbsp; entity (non-breaking space). It prevents the browser from wrapping text at that position and is invisible in the page but counts as a space character. Copy it directly from the Quick Reference table in this tool.


What is the HTML Entity Encoder / Decoder?

The HTML Entity Encoder/Decoder converts special characters into their HTML entity equivalents (encoding) or reverses the process (decoding). Encoding is essential for safely displaying user-generated content in HTML, preventing XSS attacks, and embedding special characters in HTML attributes. Decoding is useful when you receive escaped HTML and need to read or process the raw text.

The tool includes a quick-reference table of the most commonly needed entities — &lt;, &gt;, &amp;, &quot;, &copy;, &nbsp;, and more — so you don't have to memorize them. Switch between encode and decode modes with one click, or use "Swap & Flip" to chain the output back into the input for round-trip testing.

How to use the HTML Entity Encoder / Decoder

1. Choose "Encode" or "Decode" mode from the toggle.

2. Paste your text into the left panel. The result appears in the right panel immediately.

3. Click "Swap & Flip" to send the result back to the input and switch modes — useful for round-trip verification.

4. Click "Copy Result" to copy the output.

5. Click "Load Example" to prefill a sample appropriate for the current mode.

6. Use the Quick Reference table at the bottom to look up common entities.

Usage example

Encode mode input:
<div class="greeting">Hello "World" & <Friends></div>

Encoded output:
&lt;div class=&quot;greeting&quot;&gt;Hello &quot;World&quot; &amp; &lt;Friends&gt;&lt;/div&gt;

Decode mode — paste the encoded version back to recover the original HTML.

Main use cases

1. XSS prevention: Encode user input before inserting it into HTML to prevent injection attacks.

2. HTML template authoring: Encode special characters in CMS content or email templates that don't support raw HTML.

3. API response inspection: Decode entity-encoded strings in API responses or XML feeds to read the actual content.

4. Email HTML: Encode special characters that mail clients may misinterpret as HTML tags.

5. Documentation writing: Encode code snippets containing angle brackets for display in HTML documentation.

Frequently asked questions

What characters get encoded?

The encoder converts the six most dangerous characters for XSS and HTML injection: < (&lt;), > (&gt;), & (&amp;), " (&quot;), ' (&#39;), and / (&#x2F;). These cover the primary attack vectors for injecting HTML or JavaScript.

Is this the same as URL encoding?

No. HTML entity encoding is specific to HTML documents and replaces characters with &name; or &#number; sequences. URL encoding (percent-encoding) is for URL components and replaces characters with %XX sequences. Use the URL Encode tool for URL contexts.

Does it handle &copy;, &nbsp;, and other named entities?

The decode mode handles all standard HTML named entities including &copy;, &reg;, &trade;, &nbsp;, &mdash;, and all numeric entities. The encode mode focuses on the characters that pose security risks.

Can I use this for XML entity encoding too?

The characters encoded (&lt; &gt; &amp; &quot;) are valid XML entities as well, since XML is a superset of these escape rules. However, XML does not support named entities like &copy; — use numeric entities (&#169;) for those in XML.
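
The six-character encoding listed in the FAQ, and the point in the XSS answer that HTML, URL and JavaScript-string contexts each need their own encoder, shown as an added example (not this tool's own code; all function names are hypothetical). The encoder follows the FAQ's list, so "/" becomes &#x2F;, and the decoder covers only five named entities plus numeric references, whereas a browser's parser resolves the full named table.

```javascript
// Added example: the six-character map comes from the FAQ; names are hypothetical.
const ENTITY_MAP = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "/": "&#x2F;",
};

// HTML text / quoted-attribute context. A single regex pass means the "&"
// produced by one replacement is never encoded a second time.
function encodeHtml(text) {
  return String(text).replace(/[&<>"'\/]/g, (ch) => ENTITY_MAP[ch]);
}

// URL component context: percent-encoding, not entities.
function encodeUrlParam(text) {
  return encodeURIComponent(String(text));
}

// JavaScript string literal context: JSON.stringify escapes quotes and backslashes;
// "<", ">", "&" and the line separators are then written as \uXXXX escapes.
function encodeJsString(text) {
  return JSON.stringify(String(text)).replace(/[<>&\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Decoder for round-trip checks: five named entities plus decimal and hex
// numeric references. Unknown names are left untouched.
const NAMED = new Map([["amp", "&"], ["lt", "<"], ["gt", ">"], ["quot", '"'], ["apos", "'"]]);
function decodeHtml(text) {
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (whole, body) => {
    if (body[0] !== "#") return NAMED.get(body) ?? whole;
    const code = /^#x/i.test(body) ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
    return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : whole;
  });
}

// The page's own sample input, encoded for each context.
const sample = `<div class="greeting">Hello "World" & <Friends></div>`;
console.log(encodeHtml(sample));
console.log(encodeUrlParam(sample));
console.log(encodeJsString(sample));
console.log(decodeHtml(encodeHtml(sample)) === sample);
```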