Common HTML Entities
🏷️ What is HTML Entity Encoding?
HTML entities are character references used to safely represent characters with special meaning in HTML. Characters like <, >, and & can be interpreted as HTML tags, so they must be converted to entities. This is the most fundamental method for preventing XSS (Cross-Site Scripting) attacks in web security, and is a mandatory process when displaying user input in HTML content.
📌 Common HTML Entities
| Character | Named Entity | Numeric Entity | Description |
|---|---|---|---|
| < | &lt; | &#60; | Less than |
| > | &gt; | &#62; | Greater than |
| & | &amp; | &#38; | Ampersand |
| " | &quot; | &#34; | Double quote |
| ' | &apos; | &#39; | Single quote |
|   | &nbsp; | &#160; | Non-breaking space |
Frequently Asked Questions
What happens if I skip HTML entity encoding?
User input containing tags like <script> can lead to XSS attacks. Entity encoding is a fundamental web security practice.
Named vs numeric entities - what is the difference?
Named entities (&lt;) are more readable, while numeric entities (&#60;) are supported by all browsers. Both produce identical results.
Does React handle HTML entity encoding automatically?
JSX in React automatically escapes strings to prevent XSS. However, content passed through dangerouslySetInnerHTML is inserted as raw HTML without escaping, so manual encoding is still required there.
What is HTML Entity Converter?
Convert special characters like <, >, &, and quotes to HTML entities (e.g., &lt; &gt; &amp;) and decode entities back to characters. Essential for displaying code in HTML pages safely.
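
The encode and decode directions described above, as an added example (not this converter's own code): `encodeHtml`, `decodeHtml` and `decodeCodePoint` are hypothetical names, and the decoder knows only the six named entities from the table on this page. Both directions work in a single pass, so an `&` is never encoded or decoded twice.

```javascript
// Added example; names are illustrative, not taken from the converter itself.
const ENCODE = new Map([
  ['<', '&lt;'], ['>', '&gt;'], ['&', '&amp;'], ['"', '&quot;'], ["'", '&#39;'],
]);
const NAMED = new Map([
  ['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"'], ['apos', "'"], ['nbsp', '\u00A0'],
]);

// One regex pass over the input: the '&' emitted for '<' is never seen again,
// so '<' becomes '&lt;' and not '&amp;lt;'.
function encodeHtml(text) {
  return String(text).replace(/[<>&"']/g, (ch) => ENCODE.get(ch));
}

// Numeric references that are not valid characters (NUL, surrogates,
// anything above U+10FFFF) decode to U+FFFD, as HTML parsers do.
function decodeCodePoint(cp) {
  const invalid = !Number.isInteger(cp) || cp === 0 || cp > 0x10FFFF ||
    (cp >= 0xD800 && cp <= 0xDFFF);
  return invalid ? '\uFFFD' : String.fromCodePoint(cp);
}

// Decodes hex (&#x3C;), decimal (&#60;) and named (&lt;) references in one pass.
// Unknown names are left untouched. Because replaced text is not rescanned,
// '&amp;lt;' decodes to the literal text '&lt;' rather than to '<'.
function decodeHtml(text) {
  const ref = /&(?:#[xX]([0-9a-fA-F]+)|#([0-9]+)|([A-Za-z][A-Za-z0-9]*));/g;
  return String(text).replace(ref, (match, hex, dec, name) => {
    if (hex !== undefined) return decodeCodePoint(parseInt(hex, 16));
    if (dec !== undefined) return decodeCodePoint(parseInt(dec, 10));
    return NAMED.has(name) ? NAMED.get(name) : match;
  });
}

// Constructed sample input, standing in for user-supplied text.
const sample = '<script>alert("x")</script> & Tom\'s note';
console.log(encodeHtml(sample));
console.log(decodeHtml(encodeHtml(sample)) === sample);
```

This five-character encoding is for HTML text and quoted attribute values; it is not sufficient for values placed inside script blocks, URLs or unquoted attributes.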