SymbolFYI

HTML Entity

Web & HTML

정의

A string that begins with & and ends with ; used to display reserved or special characters in HTML (e.g., & for &, © for ©).

HTML Entities

HTML entities are special text sequences used in HTML markup to represent characters that either have special meaning in HTML syntax or are not easily typed on a keyboard. They come in three forms: named entities, decimal numeric references, and hexadecimal numeric references. All three produce the same output—the specified Unicode character—but differ in readability and typing convenience.

Three Entity Forms

Named Entities

Named entities use a descriptive name preceded by & and followed by ;:

&amp;    → &   (U+0026 AMPERSAND)
&lt;     → <   (U+003C LESS-THAN SIGN)
&gt;     → >   (U+003E GREATER-THAN SIGN)
&quot;   → "   (U+0022 QUOTATION MARK)
&apos;   → '   (U+0027 APOSTROPHE)
&copy;   → ©   (U+00A9 COPYRIGHT SIGN)
&reg;    → ®   (U+00AE REGISTERED SIGN)
&trade;  → ™   (U+2122 TRADE MARK SIGN)
&euro;   → €   (U+20AC EURO SIGN)
&nbsp;   →     (U+00A0 NO-BREAK SPACE)
&mdash;  → —   (U+2014 EM DASH)
&ndash;  → –   (U+2013 EN DASH)
&hellip; → …   (U+2026 HORIZONTAL ELLIPSIS)

Decimal Numeric References

Numeric references use the decimal Unicode code point:

&#169;   → ©   (U+00A9)
&#8364;  → €   (U+20AC)
&#9731;  → ☃   (U+2603 SNOWMAN)
&#128512; → 😀 (U+1F600 GRINNING FACE)

Hexadecimal Numeric References

Hexadecimal references use &#x followed by the hex code point:

&#xA9;   → ©   (U+00A9)
&#x20AC; → €   (U+20AC)
&#x2603; → ☃   (U+2603)
&#x1F600; → 😀 (U+1F600)

When to Use Entities

Required Escaping

Four characters must be escaped when they appear as literal content in HTML:

<!-- Inside element content -->
&amp;  <!-- instead of & -->
&lt;   <!-- instead of < -->

<!-- Inside attribute values -->
&quot; <!-- inside double-quoted attributes -->
&apos; <!-- inside single-quoted attributes -->

Optional Escaping

In modern UTF-8 encoded HTML, all other characters can be written directly without entities:

<!-- Both are equivalent in UTF-8 HTML -->
<p>Copyright © 2024</p>
<p>Copyright &copy; 2024</p>

<!-- Both are equivalent -->
<p>☃</p>
<p>&#x2603;</p>

Entities are still useful when the source file encoding cannot guarantee correct character storage, or when communicating characters in contexts where Unicode characters might be corrupted (such as some email systems or legacy tools).

HTML5 Named Entity Reference

HTML5 defines 2,231 named character references. The most commonly needed symbols:

Entity	Character	Description
`&hearts;`	♥	Heart suit
`&spades;`	♠	Spade suit
`&check;`	✓	Check mark
`&cross;`	✗	Ballot X
`∞`	∞	Infinity
`∑`	∑	N-ary summation
`⇒`	⇒	Rightwards double arrow
`π`	π	Greek pi

Entities in Code

When generating HTML programmatically, use your language's escaping utilities rather than manual entity replacement:

import html
html.escape('<script>alert("XSS")</script>')
# → '&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;'

html.unescape('&copy; 2024')
# → '© 2024'

// No built-in, but a common pattern:
function escapeHtml(str) {
  return str
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

Django templates auto-escape by default; use {{ value|safe }} only when the value is already trusted HTML.