HTML encoding

HTML encoding is the process of converting special characters into a format that web browsers can safely display as text, rather than interpreting them as part of the HTML structure. It's an essential technique in web security to prevent user input from being executed as code, which is particularly important for avoiding vulnerabilities like Cross-Site Scripting (XSS).

As per HTML specification, all characters references must start with an ampersand (&) sign, this can be followed by multiple variations such as decimal and hexadecimal encoding.

Here are various ways to represent these characters:

Character

Named Entity

Decimal Encoding

Hexadecimal Encoding

<

&#X3C;

>

&#X3e;

'

&#X27;

"

&#X22;

References:

W3C - HTML Encoding: https://www.w3schools.com/Html/html_charset.asp

PreviousURL encoding NextBase 64 encoding

Last updated 9 months ago

Was this helpful?