Convert special characters to HTML entities and back. Supports named (&amp;), numeric (&#38;), and hex (&#x26;) formats.
The reserved HTML characters &, <, >, ", and ' are always encoded, plus any character above code point 127 (non-ASCII). All other ASCII letters, digits, and punctuation are left alone.
When applied at render time to all user-supplied output, yes — encoding turns injected <script> tags into visible text. Context matters though: strings inside JS, CSS, or URLs need different encodings.
All three represent the ampersand. &amp; is the named entity, &#38; is decimal, and &#x26; is hex. Named entities are most readable; numeric forms work even when a parser does not know the named version.
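The encoding rule and the three formats described above, as an added JavaScript example (not this tool's own code). The function names and the five-entry name table, including the choice of &apos; for the single quote, are assumptions; characters with no known name fall back to the decimal form.

```javascript
// Added example. The name table is an assumption limited to the five
// reserved characters; a real tool may know many more names.
const NAMED = new Map([["&", "amp"], ["<", "lt"], [">", "gt"], ['"', "quot"], ["'", "apos"]]);
const BY_NAME = new Map([...NAMED].map(([ch, name]) => [name, ch]));

// format: "named" | "decimal" | "hex"
function encodeEntities(text, format = "named") {
  let out = "";
  // for...of walks code points, so astral characters (emoji) stay whole
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    const reserved = NAMED.has(ch);
    if (!reserved && cp <= 127) {
      out += ch; // other ASCII is left alone
    } else if (format === "named" && reserved) {
      out += `&${NAMED.get(ch)};`;
    } else if (format === "hex") {
      out += `&#x${cp.toString(16).toUpperCase()};`;
    } else {
      out += `&#${cp};`; // decimal, and the fallback when no name is known
    }
  }
  return out;
}

function decodeEntities(text) {
  return text.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (whole, body) => {
    if (body[0] !== "#") return BY_NAME.get(body) ?? whole; // unknown names stay as written
    const cp = /^#x/i.test(body) ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
    // references beyond the Unicode range are left untouched rather than throwing
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : whole;
  });
}

// Constructed sample input: markup in user-supplied text plus a non-ASCII letter.
const SAMPLE = '<script>alert("x")</script> café';
for (const format of ["named", "decimal", "hex"]) {
  console.log(format.padEnd(8), encodeEntities(SAMPLE, format));
}
console.log("decoded ", decodeEntities(encodeEntities(SAMPLE, "hex")));
```

The output is safe only where the browser parses it as HTML text or a quoted attribute value; the same string placed inside a script block, a stylesheet, or a URL still needs that context's own encoding.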