Converts special characters in text to HTML entities for safe display in web pages. Access via MCP in Cursor or Windsurf, or call GET /v1/encode/html/encode with your text. Transforms `<script>` into `<script>` and handles quotes, ampersands, and other HTML-sensitive characters. Essential for preventing XSS attacks and displaying user content safely.
curl "https://tinyfn.io/v1/encode/html/encode" \
-H "X-API-Key: YOUR_API_KEY"const response = await fetch('https://tinyfn.io/v1/encode/html/encode', {
headers: { 'X-API-Key': 'YOUR_API_KEY' }
});
const data = await response.json();
console.log(data);import requests
response = requests.get('https://tinyfn.io/v1/encode/html/encode',
headers={'X-API-Key': 'YOUR_API_KEY'})
data = response.json()
print(data)Connect your AI agent (Claude, Cursor, Windsurf, etc.) to TinyFn's encoding tools:
{
"mcpServers": {
"tinyfn-encoding": {
"url": "https://tinyfn.io/mcp/encoding",
"headers": {
"X-API-Key": "YOUR_API_KEY"
}
}
}
}Encodes <, >, &, ", and ' into <, >, &, ", and ' respectively. Also handles other special characters that could break HTML structure.
Call the html_encode tool with your text string. Works in Cursor, Claude Code, Copilot, Windsurf, Cline, OpenClaw, and Zed through MCP.
No. HTML encoding escapes characters for safe HTML display (< for <), while URL encoding handles characters for URLs (%20 for spaces).
HTML encoding is one layer of XSS prevention for displaying user content in HTML. Always combine with proper content security policies and input validation.
Both are valid HTML entities. This tool uses ' for single quotes as it works in all contexts, while ' has limited XML support.