What is an HTML entity?
An HTML entity is a text representation of a character, such as &lt; for < or &amp; for &.
Is HTML encoding the same as sanitizing?
No. Encoding changes characters so they display as text. Sanitizing removes or restricts unsafe markup according to security rules.
When should I encode quotes?
Encode quotes when text will be placed inside HTML attributes or examples where quote characters could break the markup.
Is my HTML snippet uploaded?
No. Encoding and decoding run locally in your browser after the page loads. Your HTML snippets are not uploaded for processing.
When should I use HTML entities?
Use HTML entities when you want characters such as <, >, &, or quotes to display as text instead of being interpreted as markup.
Can decoded entities become real HTML?
Yes. Decoded text can contain actual angle brackets and markup. If the source is untrusted, sanitize it before rendering it as HTML.