XML Escape Unescape

Escape or unescape XML special characters. Convert & < > " ' to/from XML entities.

Home
> Encoder & Decoder >
XML Escape / Unescape

Escape

String to Escape:

Escaped XML String:

Unescape

XML to Unescape:

Unescaped Result:

Escape " Escape ' Escape non-ASCII as &#XXXX;

What is XML Escaping?

XML escaping is the process of converting special characters in XML content to their predefined entity references. According to the XML specification (W3C), five characters must be escaped when used in XML text content or attribute values to maintain well-formed XML.

For example, the string Tom & Jerry said "Hello" becomes Tom & Jerry said "Hello" when properly escaped for XML.

XML Predefined Entities

Character	Entity	Description
`&`	`&`	Ampersand
`<`	`<`	Less than
`>`	`>`	Greater than
`"`	`"`	Double quote
`'`	`'`	Single quote

Note: > escaping is not strictly required in XML text content but is recommended for readability. " is required only in attribute values delimited by double quotes, and ' only in attribute values delimited by single quotes.

How to Use This XML Escape/Unescape Tool

Escape — Type or paste raw XML content into the left panel, then click Escape to convert special characters to XML entities.
Unescape — Type or paste escaped XML content into the right panel, then click Unescape to revert XML entities to their actual characters.
Options — Toggle escaping of " and ' entities, or enable non-ASCII character encoding via &#XXXX; numeric entities.
Swap & Clear — Click Swap to exchange escape/unescape values, Clear All to reset everything.

Common Use Cases

XML/HTML document generation — Ensure text content is properly escaped before embedding in XML or HTML documents.
RSS/Atom feed creation — Escape special characters in feed titles, descriptions, and content before publishing.
SOAP API requests — Properly escape XML payloads when making SOAP web service calls.
Configuration files — Escape values in XML-based config files (Maven POM, Ant build files, Spring config).
XSS prevention — Escape user-generated content before inserting into XML/HTML to prevent injection attacks.

Frequently Asked Questions

What characters must be escaped in XML?

The XML specification requires that & (ampersand) and < (less than) always be escaped in text content. In attribute values, the quote character used to delimit the attribute (" or ') must also be escaped. The > character should be escaped to avoid confusion with the closing ]]> sequence in CDATA sections.

What is the difference between XML escaping and HTML escaping?

XML and HTML share the same five predefined entities (&, <, >, ", '), but HTML also supports many named entities (like © for ©) that XML does not. In XML, only the five predefined entities and numeric character references (©) are valid.

Should I escape both quotes and apostrophes?

It depends on context. In XML attribute values delimited by double quotes, escape " as ". In attribute values delimited by single quotes, escape ' as '. Outside of attribute values, neither needs to be escaped. This tool lets you toggle each independently.

What are numeric character references?

Numeric character references (A for 'A', A for 'A') represent characters by their Unicode code point in decimal or hexadecimal. They are useful for encoding characters that don't have named entities in XML, especially non-ASCII characters.

Can I use this for XHTML?

Yes. XHTML follows XML syntax rules, so the same escaping rules apply. In fact, XHTML requires stricter escaping than regular HTML — all five predefined entities must be used, and self-closing tags are required.