HTML Entity Decoder

Decode HTML named, decimal, and hex entities back to plain text

Free HTML entity decoder and encoder. Convert named entities like & , decimal references like A and hex references like A back to plain text, or escape text into safe HTML entities. Handles Unicode code points and runs entirely in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What kinds of entities can this decode?

It decodes named entities such as & , < , and © , decimal numeric references like — , and hexadecimal references like ☺ . It covers the common named set plus any code point expressed numerically.

HTML entities are escape sequences that let you include reserved characters — like the ampersand or angle brackets — or any Unicode character inside HTML without the browser misinterpreting it. This tool decodes named, decimal, and hexadecimal entities back to plain text, and can also encode text into safe entities.

How it works

Every entity starts with an ampersand and ends with a semicolon. There are three forms:

&      named entity          -> &
A      decimal reference     -> A
A     hexadecimal reference -> A

To decode, the tool scans for these patterns. A named entity is looked up in a table of common names (such as amp, lt, copy, mdash, pound) to find its Unicode code point. A numeric reference is parsed as decimal, or as hexadecimal when it begins with #x, then converted with String.fromCodePoint. Anything that is not a recognised name or a valid code point is left exactly as written, so content is never silently corrupted.

Encoding direction

Encoding is the reverse: the HTML-significant characters &, <, >, ", and ' are replaced with their safe entity equivalents (&amp;, &lt;, &gt;, &quot;, &#39;). An optional setting also converts every non-ASCII character to a numeric reference, which is useful when a system can only transmit plain ASCII.

When you need this tool

Decoding is useful when you receive HTML from an API, a CMS export, or a scraper and need to read the actual content. Entities appear frequently in:

  • RSS and Atom feeds, where &amp; is common and &#8212; (em dash) appears in article titles.
  • JSON payloads from legacy systems that HTML-escape values in a JSON string.
  • Email HTML where &nbsp; and &copy; are used in templates.
  • Database records that stored HTML-escaped text instead of raw Unicode.

Encoding is needed when you are building HTML dynamically and need to safely insert user-supplied text into the page without creating XSS vulnerabilities. Encoding <, >, &, ", and ' prevents the browser from interpreting user content as markup.

Worked example

The fragment Fish &amp; Chips &#8212; &pound;5 &#x263A; decodes to:

Fish & Chips — £5 ☺

Breaking it down:

  • &amp; — named entity for &
  • &#8212; — decimal code for (em dash, U+2014)
  • &pound; — named entity for £ (pound sign)
  • &#x263A; — hex code for (smiling face, U+263A)

The reverse: encoding Fish & Chips — £5 produces Fish &amp; Chips &#8212; &pound;5 (or the fully numeric form if you choose that option). All processing happens in your browser — nothing is uploaded.

Common pitfalls

  • Decoding twice: RSS parsers, content management systems, and template engines sometimes double-encode content — the ampersand in &amp; itself gets encoded to &amp;amp;. If decoded output still contains visible entities, run the tool again.
  • Named entities not in HTML4: A few named entities like &apos; are valid in HTML5 and XML but were not defined in HTML4. If you need to support very old parsers, use the numeric form &#39; instead.
  • No semicolon: Some parsers tolerate entities without a trailing semicolon (&amp instead of &amp;). This tool requires the semicolon — paste standard-form entities for correct decoding.
  • Entities inside attribute values: Inside an HTML attribute, &, ", and ' all need escaping. The encoding mode handles this correctly; raw text pasted into an attribute value without encoding can break the HTML structure or create injection vulnerabilities.