HTML Encode

Encode HTML entities

Frequently Asked Questions

What is HTML encoding?

HTML encoding converts special characters to HTML entities so they display correctly in web pages. < becomes &lt;, > becomes &gt;, & becomes &amp;, " becomes &quot;. This prevents browsers from interpreting them as HTML tags.

Why is HTML encoding important for security?

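HTML encoding prevents Cross-Site Scripting (XSS) attacks. Without encoding, user input like <script>alert("hack")</script> inserted into a page would execute as JavaScript in the visitor's browser. Encoding converts it to harmless display text. Entity encoding covers HTML text and quoted attribute values; input placed inside a script block, a URL or CSS needs the encoding that matches that context.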

Which characters need to be HTML encoded?

Essential: < > & " ' (the five special HTML characters). Optional but recommended: non-ASCII characters like © (&copy;), em dash (&mdash;), and curly quotes. The encoder handles all characters that could cause display or security issues.

Can I encode an entire HTML document?

You can, but typically you only encode user-generated content or text that will be inserted into HTML. Encoding an entire document would convert all tags to visible text. The encoder is designed for text content, not full HTML documents.
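The answers above, as an added example that is not this tool's own code: an encoder for the five essential characters with optional numeric references for non-ASCII text, applied only to the untrusted value and not to the surrounding markup. The names `encodeHtml`, `renderComment` and the `encodeNonAscii` option are assumptions made for illustration.

```javascript
// Added example: entity encoder for HTML text and quoted-attribute contexts.
const ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Hypothetical helper (name and option are assumptions, not the tool's API).
function encodeHtml(text, { encodeNonAscii = false } = {}) {
  // One pass over the input: the '&' inside an entity we just emitted is
  // never seen again, so '<' cannot end up as '&amp;lt;'.
  let out = String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
  if (encodeNonAscii) {
    // 'u' flag matches whole code points, so an emoji becomes one reference.
    out = out.replace(/[^\x00-\x7F]/gu, (ch) => `&#${ch.codePointAt(0)};`);
  }
  return out;
}

// Encode only the untrusted value, never the surrounding template.
function renderComment(untrusted) {
  const safe = encodeHtml(untrusted);
  return `<p class="comment" title="${safe}">${safe}</p>`;
}

// Constructed sample inputs.
const samples = [
  '<script>alert("hack")</script>', // the input quoted in the FAQ
  "Tom & Jerry's \"best of\"",
  '&lt;', // already encoded: encoding again shows the entity literally
];
for (const s of samples) console.log(JSON.stringify(s), '->', encodeHtml(s));
console.log(encodeHtml('© 2024', { encodeNonAscii: true }));
console.log(renderComment('a < b "quoted"'));
```

Encoding is not idempotent: text that passes through the encoder twice shows its entities literally, so encode once, at the point where the value is written into HTML.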

What is the difference between HTML encoding and escaping?

They are essentially the same concept. "Encoding" converts characters to entity references. "Escaping" is the broader term for making special characters safe. In an HTML context, both refer to replacing < > & " with their entity equivalents.