Encode and decode HTML special characters as entities
HTML entities are escape sequences used to represent special characters in HTML documents. Since characters like <, >, and & have syntactic meaning in HTML, using them directly would cause the browser to misinterpret them as tags or directives — entities provide a safe alternative.
| Character | Named Entity | Numeric Entity |
|---|---|---|
< |
< |
< |
> |
> |
> |
& |
& |
& |
" |
" |
" |
' |
' |
' |
|
|
  |
© |
© |
© |
Why escape: Prevents the browser from parsing < > as tags; prevents XSS — always escape user input before inserting it into HTML.
React/Vue text nodes escape automatically; manual handling is needed when using
innerHTML/dangerouslySetInnerHTML.
<div> in HTML without it being parsed as an actual elementNamed entities (e.g., &) are more readable but not every character has a named form. Numeric entities (e.g., &) cover all Unicode characters with broader compatibility. In production, use named entities for the 5 critical characters (<>&"').
When using JSX text nodes or template interpolation ({{ }}), the framework escapes automatically. However, content inserted via dangerouslySetInnerHTML or v-html is NOT auto-escaped — you must handle it manually or use a library like DOMPurify.
and a regular space? (non-breaking space) won't be collapsed by the browser and prevents line breaks at that position. Regular spaces are collapsed — multiple consecutive spaces render as one. Use when you need to preserve multiple spaces.