HTML Entities

HTML entities are special codes used to represent characters that have special meaning in HTML or that cannot be easily typed. They start with an ampersand (&) and end with a semicolon (;). For example, &lt; represents the less-than sign (<) and &amp; represents the ampersand (&).

The most commonly used HTML entities are &amp; (ampersand), &lt; (less than), &gt; (greater than), &quot; (double quote), &#39; (single quote/apostrophe), and &nbsp; (non-breaking space). These are essential for displaying special characters safely in HTML.

HTML encoding is necessary to display special characters correctly in web pages. Without encoding, characters like <, >, and & would be interpreted as HTML markup instead of being displayed as text. Encoding also prevents cross-site scripting (XSS) attacks by neutralizing potentially malicious code.

Named entities use a descriptive name (like &amp; for ampersand), while numeric entities use the character's Unicode code point in decimal (&#38;) or hexadecimal (&#x26;) format. Named entities are more readable, but numeric entities can represent any Unicode character.

HTML encoding prevents XSS (Cross-Site Scripting) attacks by converting characters like < and > into their entity equivalents (&lt; and &gt;). This ensures that any user-supplied content is displayed as text rather than being interpreted as executable HTML or JavaScript code.