DEV Community

Cover image for HTML Decode vs HTML Encode – Complete Guide
Kalpesh Meniya
Kalpesh Meniya

Posted on • Originally published at meniya.com

HTML Decode vs HTML Encode – Complete Guide

#javascript #html #security #webdev

Welcome to the HTML Decode vs. HTML Encode guide!

This article explains the differences between HTML encoding and decoding, how they work, and when to use each.

The contents here are based on the full article published on Meniya.com.

Table of Contents

Introduction

In web development, HTML encoding and decoding are crucial for ensuring that content displayed on websites is rendered properly and securely.

Whether you’re dealing with user input or dynamic content, understanding the difference between encoding and decoding HTML entities helps ensure data safety and correctness.

This guide will explain both concepts in detail and show when to use HTML encoding or decoding.

What is HTML Encoding?

HTML encoding converts special characters like <, >, &, and " into their corresponding HTML entity codes.

It helps:

  • Display HTML special characters properly
  • Prevent XSS (Cross-Site Scripting) attacks by neutralizing malicious input

For example:

<&lt;

Example 

&lt;div&gt;This is a div&lt;/div&gt;
Enter fullscreen mode Exit fullscreen mode

What is HTML Decoding?

HTML decoding is the process of converting HTML entity codes back into their original characters.

It’s used to display encoded HTML entities as readable text.

For example:

&lt;<

Example 

<div>This is a div</div>
Enter fullscreen mode Exit fullscreen mode

When to Use HTML Encoding vs. HTML Decoding

  • HTML Encoding: When displaying user-generated or dynamic content to prevent HTML injection and XSS.
  • HTML Decoding: When rendering or displaying already encoded HTML safely in the browser.

Common Use Cases for HTML Encoding

  • Displaying user input safely
  • Preventing XSS attacks
  • Displaying code snippets or special symbols

Example

If a user submits:

<script>alert('Hacked!');</script>
Enter fullscreen mode Exit fullscreen mode

It can be encoded as:

&lt;script&gt;alert(&#39;Hacked!&#39;);&lt;/script&gt;
Enter fullscreen mode Exit fullscreen mode

Common Use Cases for HTML Decoding

  • Display previously encoded text in readable form
  • Render dynamic HTML that includes encoded entities
  • Convert encoded characters for display

HTML Encode and Decode Functions in JavaScript

You can create your own functions or use built-in browser methods to encode and decode HTML entities.

HTML Encoding Function (JavaScript) 

function htmlEncode(str) {
  var element = document.createElement('div');
  if (str) {
    element.innerText = str;
    element.textContent = str;
  }
  return element.innerHTML;
}
Enter fullscreen mode Exit fullscreen mode

HTML Decoding Function (JavaScript) 

function htmlDecode(str) {
  var element = document.createElement('div');
  if (str) {
    element.innerHTML = str;
  }
  return element.innerText || element.textContent;
}
Enter fullscreen mode Exit fullscreen mode

Best Practices

  • Encode user input before displaying it.
  • Use secure encoding methods to avoid script execution.
  • Use built-in browser methods like textContent and innerHTML safely.

References

Top comments (0)