HTML Encode API: The Complete Guide

Need to encode special characters as HTML entities? This guide covers everything you need to know about HTML encoding via API, including security implications and proper usage.

What is HTML Encoding?

HTML encoding converts special characters into their HTML entity equivalents. This prevents browsers from interpreting characters as HTML markup and is essential for displaying user-generated content safely.

Example: "<" becomes "&lt;" and "&" becomes "&amp;"

Common HTML Entities

Key characters that need encoding:

  • < becomes &lt;
  • > becomes &gt;
  • & becomes &amp;
  • " becomes &quot;
  • ' becomes &#39; or &apos;

Security Note: HTML encoding is crucial for preventing XSS (Cross-Site Scripting) attacks when displaying user input in HTML pages.

Using the HTML Encode API

TinyFn provides a simple endpoint to encode HTML:

API Request
POST https://api.tinyfn.io/v1/text/html-encode
Headers: X-API-Key: your-api-key
Content-Type: application/json

{
  "text": "<script>alert('XSS')</script>",
  "encode_all": false
}

Response
{
  "encoded": "&lt;script&gt;alert(&#39;XSS&#39;)&lt;/script&gt;",
  "original_length": 28,
  "encoded_length": 52
}

Parameters

Parameter    Type      Description
text         string    The text to encode (required)
encode_all   boolean   Encode all non-ASCII characters (default: false)
use_named    boolean   Use named entities when available (default: true)

Code Examples

JavaScript / Node.js

const response = await fetch(
  'https://api.tinyfn.io/v1/text/html-encode',
  {
    method: 'POST',
    headers: {
      'X-API-Key': 'your-api-key',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      text: '<script>alert("XSS")</script>'
    })
  }
);
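// Fail loudly on a non-2xx reply (e.g. a rejected API key) instead of reading a missing field
if (!response.ok) {
  throw new Error(`HTML encode request failed: ${response.status}`);
}
const result = await response.json();
console.log(result.encoded); // Safe HTML entities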

Python

import requests

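response = requests.post(
    'https://api.tinyfn.io/v1/text/html-encode',
    headers={'X-API-Key': 'your-api-key'},
    json={'text': '<script>alert("XSS")</script>'},
    timeout=10,  # do not hang the page render if the API is unreachable
)
response.raise_for_status()  # surface 4xx/5xx instead of a KeyError below
result = response.json()
print(result['encoded'])  # Safe HTML entities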

cURL

curl -X POST "https://api.tinyfn.io/v1/text/html-encode" \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"text": "<script>alert(\"XSS\")</script>"}'

Common Use Cases

  • XSS Prevention: Sanitize user input before display
  • Code Display: Show HTML code as text in web pages
  • Email Templates: Safely include dynamic content
  • Data Export: Prepare content for HTML documents
  • Content Management: Store safe versions of user content

Best Practices

  1. Always encode user input: Never trust user-provided content
  2. Encode at output: Encode when displaying, not when storing
  3. Context matters: Different contexts need different encoding
  4. Don't double-encode: Avoid encoding already-encoded content
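
The four practices above, shown as an added example that is not TinyFn's code. It assumes a local encoder for the five characters listed earlier in this guide; the function names (htmlEncode, renderComment, renderLink, doubleEncoded) and the sample inputs are constructed for illustration.

```javascript
// Added example: a local stand-in for the five-character encoding listed in this guide.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// One pass over the input, so an '&' emitted as part of an entity is never re-encoded.
function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Practices 1 and 2: keep the raw value in storage, encode only while building HTML.
function renderComment(rawComment) {
  return `<p class="comment">${htmlEncode(rawComment)}</p>`;
}

// Practice 3: entity encoding covers element text and quoted attribute values.
// A URL attribute additionally needs a scheme allowlist, because a URL can be
// free of < > & " ' and still not be a web link.
function renderLink(rawUrl, rawLabel) {
  let scheme;
  try {
    scheme = new URL(rawUrl).protocol;
  } catch {
    return htmlEncode(rawLabel); // not an absolute URL: render the label as text only
  }
  if (scheme !== 'http:' && scheme !== 'https:') {
    return htmlEncode(rawLabel); // unexpected scheme: drop the link, keep the text
  }
  return `<a href="${htmlEncode(rawUrl)}">${htmlEncode(rawLabel)}</a>`;
}

// Practice 4: encoding twice corrupts what the reader sees ("&amp;" shows up on screen).
function doubleEncoded(raw) {
  return htmlEncode(htmlEncode(raw));
}

// Constructed sample inputs.
const stored = `<script>alert('XSS')</script>`;
console.log(renderComment(stored));
console.log(renderLink('https://example.com/?a=1&b=2', 'Tom & Jerry'));
console.log(renderLink('javascript:void(0)', 'click'));
console.log(doubleEncoded('Tom & Jerry'));
```

The attribute values are always wrapped in double quotes here; the same encoder gives no protection in an unquoted attribute, inside a script block, or in CSS.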

Use via MCP

Your AI agent can call this tool directly via Model Context Protocol — no HTTP code needed. Add TinyFn to Claude Desktop, Cursor, or any MCP client:

{
  "mcpServers": {
    "tinyfn-text": {
      "url": "https://api.tinyfn.io/mcp/text/",
      "headers": {
        "X-API-Key": "your-api-key"
      }
    }
  }
}

See all text analysis tools available via MCP in our Text Analysis MCP Tools for AI Agents guide.

Try the HTML Encode API

Get your free API key and start encoding HTML in seconds.