Question 1

Why HTML entities?

Accepted Answer

In HTML, <, >, &, ", ' have special meanings. Outputting user input as-is exposes XSS risks. Convert to <, >, &, ", ' for safety.

Question 2

& vs &#38;?

Accepted Answer

Both represent the & character. Named references (&) are more readable; numeric (&#38;) work everywhere. HTML5 supports both, but some named refs don't work in XML.

Question 3

Different from URL encoding?

Accepted Answer

Yes, completely different. HTML entities are for HTML context (&), URL encoding is for URLs (%26). Mixing them causes double-encoding bugs.

Question 4

Korean as entities?

Accepted Answer

Not needed. UTF-8 HTML supports Korean directly. Only legacy ASCII-only systems need numeric entities like &#54620;.

Question 5

innerHTML vs textContent?

Accepted Answer

Use textContent for user input (auto-escapes). Only use innerHTML for intentional HTML, and always sanitize with an encoder like this.

Char	Named	Numeric	Use
<	<	<	Tag start
>	>	>	Tag end
&	&	&	Entity start
"	"	"	Attribute
'	'	'	Attribute
space			Non-breaking
©	©	©	Copyright
®	®	®	Trademark
€	€	€	Euro

&;HTML Entity

HTML Entity Encoder/Decoder Guide

Common Entities

XSS Prevention Best Practices

🔗Related Tools🔄 Text / Data