
Sanitise User Input for HTML Output

Encode user-provided strings before inserting them into HTML — prevents XSS injection attacks.

Common HTML entities reference

Character                 Entity
&                         &amp;
<                         &lt;
>                         &gt;
"                         &quot;
'                         &#39;
(non-breaking space)      &nbsp;
©                         &copy;
®                         &reg;
™                         &trade;
€                         &euro;
—                         &mdash;
…                         &hellip;

Security tips

Paste any user input here to see exactly which characters get encoded. < becomes &lt;, > becomes &gt;, & becomes &amp; — all rendered as text, not HTML.

Cross-Site Scripting (XSS) attacks inject <script> tags via user input fields. Encoding all user output is the primary defense.

Always encode on output (when rendering), not on input (when saving). Store raw data, encode when displaying — this avoids double-encoding bugs.

Test with payloads like <script>alert(1)</script> and onmouseover="alert(1)" to verify your encoding catches all attack vectors.
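The following is an added example, not the tool's own code, showing the encoding rule the tips describe: a minimal entity encoder for the five structural characters, a store that keeps raw data and encodes only at render time, and the double-encoding bug that appears when the encoding is done on input instead. The names escapeHtml, saveComment, renderComment and saveCommentEncodedOnInput are assumed for the illustration, and the sample inputs are constructed.

```javascript
// Added example (not the tool's own code). Output-time HTML encoding for
// text and quoted-attribute contexts, and a demonstration of why encoding
// on input leads to double-encoding.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace the characters that can change HTML structure. '&' must be
// encoded too, otherwise a literal "&lt;" in the input would be rendered
// as an entity and the encoding would not be reversible.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Simulated storage (constructed for the example): keep the raw string.
const store = [];

function saveComment(raw) {
  store.push(raw);
  return store.length - 1; // id of the stored comment
}

// Encode at the moment of rendering, in the context the value lands in
// (here: element text content).
function renderComment(id) {
  return `<p class="comment">${escapeHtml(store[id])}</p>`;
}

// The anti-pattern: encoding when saving. The stored value is already
// escaped, so the render-time escape turns "&lt;" into "&amp;lt;" and the
// page shows the entity text instead of the character.
function saveCommentEncodedOnInput(raw) {
  store.push(escapeHtml(raw));
  return store.length - 1;
}

// Constructed test inputs, including the payloads mentioned in the tips.
const SAMPLE_INPUTS = [
  "<script>alert(1)</script>",
  'onmouseover="alert(1)"',
  "Tom & Jerry's <b>show</b>",
];

// Returns each sample next to its safely rendered form.
function demo() {
  return SAMPLE_INPUTS.map((input) => ({
    input,
    rendered: renderComment(saveComment(input)),
  }));
}

// Stand-alone run: print the table of inputs and rendered output.
for (const row of demo()) {
  console.log(JSON.stringify(row));
}
```

The encoder covers the text and quoted-attribute contexts; values placed into URLs, inline scripts or CSS need the encoding for that context instead, which this example does not attempt.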

How it works

1. Enter: Enter your data into the tool above. Everything stays local to your browser.
2. Process: The tool processes your data instantly in your browser using JavaScript. No server, no waiting.
3. Download: Get your result instantly. Nothing is stored after you leave the page — complete privacy.

Why use ours?

Completely free, with no hidden costs, ever
No account, e-mail or login required
Files never leave your device
No file size limit
No watermark on any result


Frequently asked questions