Encode special characters to prevent XSS attacks. View HTML source code and protect web application security
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
| & | `&amp;` | `&#38;` | Ampersand |
| < | `&lt;` | `&#60;` | Less than sign |
| > | `&gt;` | `&#62;` | Greater than sign |
| " | `&quot;` | `&#34;` | Double quote |
| ' | `&apos;` | `&#39;` | Single quote |
| (space) | `&nbsp;` | `&#160;` | Space |
| © | `&copy;` | `&#169;` | Copyright |
| ™ | `&trade;` | `&#8482;` | Trademark |
What is XSS?
Cross-Site Scripting (XSS) is an attack where malicious scripts are injected into web pages. HTML entity encoding of user input is the most basic defense.
What is the difference between named and numeric entities?
Named entities like `&amp;` are more readable. Numeric entities like `&#38;` support any Unicode character and have better compatibility.
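
The encoding in the table and the named/numeric distinction above, as an added example (not code from this page or its tool). The function names `encodeHtml` and `numericEntity`, the `mode` parameter and the sample string are assumptions made for illustration; the output is meant for HTML element content or a quoted attribute value.

```javascript
// Entity table taken from the reference table on this page.
const NAMED = new Map([
  ["&", "&amp;"],
  ["<", "&lt;"],
  [">", "&gt;"],
  ['"', "&quot;"],
  ["'", "&apos;"],
  ["\u00A0", "&nbsp;"],
  ["\u00A9", "&copy;"],
  ["\u2122", "&trade;"],
]);

// The numeric form works for any Unicode code point, including astral ones.
function numericEntity(ch) {
  return "&#" + ch.codePointAt(0) + ";";
}

// mode "named": use a named entity where the table has one, numeric otherwise.
// mode "numeric": always use numeric entities.
function encodeHtml(input, mode = "named") {
  let out = "";
  // for...of iterates by code point, so surrogate pairs stay together.
  for (const ch of String(input)) {
    const special = NAMED.has(ch);
    const nonAscii = ch.codePointAt(0) > 0x7e;
    if (!special && !nonAscii) {
      out += ch; // plain ASCII passes through unchanged
    } else if (mode === "named" && special) {
      out += NAMED.get(ch);
    } else {
      out += numericEntity(ch);
    }
  }
  return out;
}

// Constructed sample: untrusted input that contains markup.
const sample = '<script>alert("x")</script> \u00A9 \u{1F600}';
console.log(encodeHtml(sample));
console.log(encodeHtml(sample, "numeric"));
```

Encode at the point where the value is written into the page, and only for the HTML contexts named above; values placed inside script blocks, URLs or CSS need the encoding for that context instead.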