HTML encoding

HTML encoding is the process of converting special characters into a format that web browsers can safely display as text, rather than interpreting them as part of the HTML structure. It's an essential technique in web security to prevent user input from being executed as code, which is particularly important for avoiding vulnerabilities like Cross-Site Scripting (XSS).

Per the HTML specification, every character reference must start with an ampersand (&). It can then take one of several forms, such as a named entity, a decimal code or a hexadecimal code.

Here are various ways to represent these characters:

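| Character | Named Entity | Decimal Encoding | Hexadecimal Encoding |
|-----------|--------------|------------------|----------------------|
| `<`       | `&lt;`       | `&#60;`          | `&#X3C;`             |
| `>`       | `&gt;`       | `&#62;`          | `&#X3e;`             |
| `'`       | `&apos;`     | `&#39;`          | `&#X27;`             |
| `"`       | `&quot;`     | `&#34;`          | `&#X22;`             |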
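
The following is an added example, not part of the original page: an encoder that emits any of the three forms from the table, and a decoder showing that all three forms resolve to the same character, which is why input filters and log-review rules need to normalise references before comparing. The names `encodeHtml` and `decodeCharRefs` are hypothetical, and `&` is encoded as well (the table does not list it) so that references already present in the input are displayed as text.

```javascript
// Added example. encodeHtml and decodeCharRefs are hypothetical names.
const NAMED = { "&": "amp", "<": "lt", ">": "gt", "'": "apos", '"': "quot" };
const BY_NAME = new Map(Object.entries(NAMED).map(([ch, name]) => [name, ch]));

// Encode the characters from the table (plus "&") in a single pass, so an
// ampersand produced by the encoder is never encoded a second time.
// form: "named" (default), "decimal" or "hex".
function encodeHtml(input, form = "named") {
  return String(input).replace(/[&<>'"]/g, (ch) => {
    const cp = ch.codePointAt(0);
    if (form === "decimal") return `&#${cp};`;
    if (form === "hex") return `&#x${cp.toString(16).toUpperCase()};`;
    return `&${NAMED[ch]};`;
  });
}

// Resolve named (these five only), decimal and hexadecimal references.
// Not a full HTML parser: unknown names and invalid code points stay as-is.
function decodeCharRefs(input) {
  const ref = /&(?:#[xX]([0-9a-fA-F]+)|#([0-9]+)|([a-zA-Z]+));/g;
  return String(input).replace(ref, (match, hex, dec, name) => {
    if (name !== undefined) return BY_NAME.get(name) ?? match;
    const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
  });
}

// Constructed sample input containing all five characters.
const sample = `Tom & "Jerry" <b>'hi'</b>`;
console.log(encodeHtml(sample));
console.log(encodeHtml(sample, "hex"));
console.log(decodeCharRefs("&lt; &#60; &#X3C; &#x3c;")); // prints "< < < <"
```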
