
Guide

How to use this tool, examples, and related tips.

How to Use the XML Escape Tool

Paste your raw string into the input field.

The tool escapes all XML-reserved characters — &, <, >, ", and ' — replacing them with their entity equivalents.

Copy the escaped string and insert it into your XML document.

What Is XML Escaping?

XML escaping is the process of replacing characters that carry structural meaning in XML with their entity reference equivalents, so they're treated as literal data rather than markup. It is functionally identical to XML encoding — the terms are interchangeable. The key characters are & (must always be escaped first), <, >, ", and '. Unescaped reserved characters in XML text or attribute values will cause parse errors or, worse, silently corrupt the document's structure.

When to Use This Tool

Inserting dynamic content into XML templates — Any variable content going into an XML document should be escaped before insertion.

Building SOAP request bodies — SOAP uses XML; any string values in the payload must be properly escaped.

Sanitizing data for XML storage — Escape strings before writing them into XML-based storage formats or config files.

Working with XML-based configuration systems — Tools like Maven, Ant, and many CI/CD systems use XML configs where values must be properly escaped.

Related Tools

  • XML unescape
  • XML encoder
  • XML validator
  • HTML escape
  • JSON escape

FAQ

Answers about this tool and how your data is handled.

What is the difference between XML escape and XML encode?

They are the same operation. Both replace &, <, >, ", and ' with XML entity references. The tools may be presented separately for discoverability, but the output is identical.

Why must & be escaped before other characters?

If you escape < first (producing &lt;), then escape &, you'd incorrectly double-escape the ampersand in &lt; to &amp;lt;. Always escape & first — or use a tool that handles the order correctly, as this one does.
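The ordering rule above, shown as an added example (this is not the tool's own code): sequential replacement with & first, the same replacements with & last, and a single-pass version where order cannot matter. The function names and sample strings are assumptions constructed for illustration.

```javascript
// Added example; all names here are hypothetical, not taken from the tool.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

// Sequential replacement: correct only because & is handled first.
function escapeXmlSequential(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&apos;');
}

// Same replacements with & handled last: the & inside entities that were
// just produced (&lt;, &quot;, ...) is escaped a second time.
function escapeXmlWrongOrder(s) {
  return String(s)
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&apos;')
    .replace(/&/g, '&amp;');
}

// Single pass: every input character is visited exactly once, so output
// from one substitution is never rescanned by another.
function escapeXml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Escaping an attribute value keeps a quote in the data from closing the attribute.
function buildUserElement(name) {
  return `<user name="${escapeXml(name)}"/>`;
}

// Constructed sample inputs.
const sample = `Tom & "Jerry" <cat@example.com>`;
const attrValue = `x" role="admin`;

console.log(escapeXml(sample));           // correct
console.log(escapeXmlWrongOrder(sample)); // double-escaped
console.log(buildUserElement(attrValue)); // still a single name attribute
```

The single-pass form is the safer default because later maintenance cannot reorder it into the double-escaping bug.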

Does this tool send my data to a server?

No. It runs entirely in your browser. Nothing is uploaded.

Is this sufficient for preventing XML injection?

For text content and attribute values, yes. Production systems should also validate input structure and enforce schemas.

Can I use this for HTML content too?

The five characters handled here are valid for both XML and HTML. For full HTML entity encoding, use the HTML escape tool.
