XML Escape
Escape XML special characters so text is safe inside markup. It runs entirely on your device — nothing is uploaded.
Example
How it works
Characters like <, > and & are replaced with their XML entities.
Good to know
XML Escape converts the characters that have special meaning in XML — chiefly the ampersand (&), less-than (<) and greater-than (>) signs, and often the single and double quote — into their named entity equivalents (&, <, >, ', "). It is built for developers, technical writers, and anyone hand-editing XML, RSS/Atom feeds, SVG, SOAP messages, Android string resources, or XML-based config files who needs to drop arbitrary text into an element or attribute without breaking the document's structure.
Reach for it whenever raw text contains characters a parser would otherwise treat as markup. The classic case is putting source code, math expressions, or URLs with query strings inside an element: an unescaped & or < will throw a "not well-formed" error or silently truncate your content. Escaping first guarantees the value is interpreted as literal text rather than the start of a tag or entity.
Reading the result is straightforward — compare input to output and you should see only the reserved characters changed; everything else, including letters, numbers, and whitespace, passes through untouched. If your output looks identical to the input, that simply means the text contained no characters that needed escaping.
- Escape only once. Running already-escaped text through again turns
< into &lt;, a common double-encoding bug that shows up as visible entity codes in the rendered output. - For text going into an attribute value, make sure quotes are escaped to match your delimiter; for element content, escaping
&, <, and > is usually enough.
Frequently asked questions
Is my data uploaded anywhere?
No — everything runs in your browser. Your code never leaves your device, so it's safe for private work and runs offline once loaded.
Is this tool free?
Yes, completely free with no sign-up and no limits.
People also ask
What characters need to be escaped in XML?
XML defines five reserved characters: ampersand (&), less-than (<), greater-than (>), single quote ('), and double quote ("). The ampersand and less-than sign must always be escaped in content; the others are escaped depending on context, such as inside attribute values.
What is the difference between XML escaping and HTML escaping?
They overlap but are not identical. XML defines only five named entities (&, <, >, ', "), while HTML supports hundreds of named entities like and ©. Notably, ' is valid in XML but was not part of HTML4, so escaping for one format does not guarantee validity in the other.
How do I reverse XML escaping?
Use an XML unescape (or decode) tool, which converts entities like &lt; back into their original characters such as <. CalcCafe offers a companion XML Unescape tool for this purpose.
Can I use numeric character references instead of named entities?
Yes. XML supports decimal references like < and hexadecimal references like < in place of named entities like <. Numeric references are useful for characters that have no named entity, though for the five reserved characters the named forms are more readable.
Do I need to escape characters inside a CDATA section?
No. Text inside a <![CDATA[ ... ]]> block is treated as literal character data, so reserved characters like < and & do not need escaping there. The one exception is that the sequence ]]> cannot appear inside the CDATA section itself.
Why does my XML show &lt; instead of < after escaping?
That is double-encoding: text that was already escaped got escaped a second time, turning < into < and then into &lt;. Escape source text only once, and avoid escaping values that a library or framework has already encoded for you.
Is escaping required for non-ASCII or Unicode characters in XML?
Generally no, as long as the document's declared encoding (commonly UTF-8) supports those characters; they can appear literally. Numeric character references are an optional way to represent them when the encoding cannot, or for clarity.
Related tools