obfus.link

HTML Encoder converts the characters &, <, >, double-quote, and apostrophe to entities using named, numeric, or hex formats. Context-aware mode detects the embedding context (JSON, XML, URL, or raw HTML) and applies the correct escaping for that specific context, eliminating the double-encoding bugs that occur when developers apply the wrong encoding for the target context.

Tier 1encoders✓ TDD Verified

HTML Encoder

Encode and decode HTML entities with context-aware mode

How to use

  1. Paste HTMLDrop in the HTML content to encode or the entity-encoded string to decode.
  2. Choose modeencode converts characters to entities. decode converts entities back to characters.
  3. Select entity formatnamed (&amp;), numeric (&#38;), or hex (&#x26;). Named is most readable.
  4. Enable context-aware (optional)Auto-detects whether HTML is embedded in JSON, XML, or URL and applies the correct escaping.
  5. Override context (optional)Force a specific embedding context if auto-detection picks the wrong one.
  6. Encode or decodeClick Run or press Ctrl+Enter. Output appears with entity count and warnings.
Read technical article

MCP / API

Call html_encoder directly from any MCP-compatible agent:

// MCP TypeScript SDK
const result = await client.callTool({
  name: "html_encoder",
  arguments: {
    "html": "...",
    "mode": "encode"
  }
});

// curl
curl -X POST https://obfus.link/mcp \
  -H "Authorization: Bearer <SPT>" \
  -H "Content-Type: application/json" \
  -d '{"method":"tools/call","params":{"name":"html_encoder","arguments":{"html":"...","mode":"encode"}}}'

Related tools

Base64 Codec
Encode, decode, and identify base64 with auto-detection
String Escaper
Escape strings for JSON, SQL, HTML, regex, shell, URI, CSV, XML
URL Parser
Parse any URL into components with deep query decoding and security analysis

FAQ

What characters does HTML encoding affect?

The five HTML5 special characters: & (&amp;), < (&lt;), > (&gt;), " (&quot;), and apostrophe (&#39;). Named entities use these. Numeric entities use decimal codepoints (&#38;). Hex entities use hex codepoints (&#x26;). All three are valid HTML5.

What is context-aware encoding?

When HTML must be embedded in another format (JSON, XML, or URL), the wrong encoding causes broken output or security bugs. Context-aware mode detects the embedding context and applies JSON-string escaping inside JSON, attribute escaping inside XML, or percent-encoding inside URLs — instead of just standard HTML entities.

When should I use named vs numeric vs hex entities?

Named entities (&amp;) are most readable and supported in HTML5. Numeric and hex entities are more compact and unambiguous in older XML/SGML contexts. Use named for human-readable output, numeric or hex for machine-to-machine pipelines.

Does the tool warn about script content?

Yes. If the input contains <script>, on* attribute handlers, or javascript: URLs, a warning is returned alongside the encoded output. Encoding alone does not sanitize untrusted HTML — use a dedicated sanitizer (DOMPurify) for that.

Can I use this tool via the MCP API?

Yes. The tool is registered on the obfus.link MCP server at https://obfus.link/mcp. Call it from any MCP-compatible agent with a Shared Payment Token. The MCP tool name matches the snake_case slug shown in the integration snippet.