What are HTML Entities?

HTML entities are special codes that represent characters that have special meaning in HTML or that are not available on the keyboard. They start with & and end with ; (named format) or use numeric codes.

Why Use Them?

Security: Prevent HTML/JavaScript injection attacks (XSS)
Correct display: Show < > & literally
Compatibility: Ensure rendering on all browsers
Special characters: Display symbols not available on keyboard

Most Common Entities

< (less than) → < or <

> (greater than) → > or >

& (ampersand) → & or &

" (double quote) → " or "

' (single quote) → ' or '

non-breaking space →   or  

® (registered) → ® or ®

€ (euro) → € or €

™ (trademark) → ™ or ™

Portuguese Accents

á → á

à → à

â → â

ã → ã

é → é

ê → ê

í → í

ó → ó

ô → ô

õ → õ

ú → ú

ç → ç

Use Cases

XSS Security: Sanitize user input before displaying
Source code: Display HTML examples on web pages
HTML emails: Ensure compatibility across email clients
XML/RSS: Escape special characters in feeds
Meta tags: Use quotes in HTML attributes
Mathematics: Symbols like ∑ ∫ √ ≠

Security Example (XSS)

⚠️ Malicious user input:

<script>alert('Hacked!');</script>

✅ After conversion to entities (safe):

&lt;script&gt;alert('Hacked!');&lt;/script&gt;

The code is displayed as text, not executed!

Entity Formats

Named

Numeric

Work for any Unicode character

UTF-8 vs Entities

💡 Modern Practice: With UTF-8 as the default charset, accents and common symbols can be used directly. Use entities mainly for:
• Reserved HTML characters (< > &)
• XSS Prevention
• Mathematical/special symbols

Useful Symbols

→ →

← ←

↑ ↑

↓ ↓

♥ &hearts;

♠ &spades;

♣ &clubs;

♦ &diams;

• •

… …

— —

– –

🔒 Security: Always escape user output in web applications to prevent XSS attacks. Use functions specific to your language/framework.

HTML Entities Converter