If you use an appropriate class or library, they will do the escaping for you. Many XML issues are caused by string concatenation.
XML escape characters
There are only five:
" "
' '
< <
> >
& &
Escaping characters depends on where the special character is used.
The examples can be validated at the W3C Markup Validation Service.
Text
The safe way is to escape all five characters in text. However, the three characters ", ' and > needn't be escaped in text:
<?xml version="1.0"?>
<valid>"'></valid>
Attributes
The safe way is to escape all five characters in attributes. However, the > character needn't be escaped in attributes:
<?xml version="1.0"?>
<valid attribute=">"/>
The ' character needn't be escaped in attributes if the quotes are ":
<?xml version="1.0"?>
<valid attribute="'"/>
Likewise, the " needn't be escaped in attributes if the quotes are ':
<?xml version="1.0"?>
<valid attribute='"'/>
Comments
All five special characters must not be escaped in comments:
<?xml version="1.0"?>
<valid>
<!-- "'<>& -->
</valid>
CDATA
All five special characters must not be escaped in CDATA sections:
<?xml version="1.0"?>
<valid>
<![CDATA["'<>&]]>
</valid>
Processing instructions
All five special characters must not be escaped in XML processing instructions:
<?xml version="1.0"?>
<?process <"'&> ?>
<valid/>
XML vs. HTML
HTML has its own set of escape codes which cover a lot more characters.
Answer from Welbog on Stack Overflow Top answer 1 of 10
1710
If you use an appropriate class or library, they will do the escaping for you. Many XML issues are caused by string concatenation.
XML escape characters
There are only five:
" "
' '
< <
> >
& &
Escaping characters depends on where the special character is used.
The examples can be validated at the W3C Markup Validation Service.
Text
The safe way is to escape all five characters in text. However, the three characters ", ' and > needn't be escaped in text:
<?xml version="1.0"?>
<valid>"'></valid>
Attributes
The safe way is to escape all five characters in attributes. However, the > character needn't be escaped in attributes:
<?xml version="1.0"?>
<valid attribute=">"/>
The ' character needn't be escaped in attributes if the quotes are ":
<?xml version="1.0"?>
<valid attribute="'"/>
Likewise, the " needn't be escaped in attributes if the quotes are ':
<?xml version="1.0"?>
<valid attribute='"'/>
Comments
All five special characters must not be escaped in comments:
<?xml version="1.0"?>
<valid>
<!-- "'<>& -->
</valid>
CDATA
All five special characters must not be escaped in CDATA sections:
<?xml version="1.0"?>
<valid>
<![CDATA["'<>&]]>
</valid>
Processing instructions
All five special characters must not be escaped in XML processing instructions:
<?xml version="1.0"?>
<?process <"'&> ?>
<valid/>
XML vs. HTML
HTML has its own set of escape codes which cover a lot more characters.
2 of 10
118
New, simplified answer to an old, commonly asked question...
Simplified XML Escaping (prioritized, 100% complete)
Always (90% important to remember)
- Escape
<as<unless<is starting a<tag/>or other markup. - Escape
&as&unless&is starting an&entity;.
- Escape
Attribute Values (9% important to remember)
attr="'Single quotes'are ok within double quotes."attr='"Double quotes"are ok within single quotes.'- Escape
"as"and'as'otherwise.
Comments, CDATA, and Processing Instructions (0.9% important to remember)
<!--Within comments-->nothing has to be escaped but no--strings are allowed.<![CDATA[Within CDATA]]>nothing has to be escaped, but no]]>strings are allowed.<?PITargetWithin PIs?>nothing has to be escaped, but no?>strings are allowed.
Esoterica (0.1% important to remember)
- Escape control codes in XML 1.1 via Base64 or Numeric Character References.
- Escape
]]>as]]>unless]]>is ending a CDATA section.
(This rule applies to character data in general – even outside a CDATA section.)
FreeFormatter
freeformatter.com › xml-escape.html
Free Online XML Escape / Unescape Tool - FreeFormatter.com
A free online tool to escape or unescape XML documents and files
How do I escape ampersands in XML so they are rendered as entities in HTML? - Stack Overflow
The & character is itself an escape character in XML so the solution is to concatenate it and a Unicode decimal equivalent for & thus ensuring that there are no XML parsing errors. That is, replace the character & with &. ... I really prefer this solution! Should also be possible to use the hexadecimal notation: & 2014-04-26T03:24:29.107Z+00:00 ... Logically, why would this work? Both strings ... More on stackoverflow.com
XSLT How Do I Handle XML Escape Characters?
There are a number of possible solutions here, and the first one that springs to mind is the old-fashioned method of doing a pre-process in another language that resolves the escaped pointy brackets and so forth.  Another possibility is to use the unparsed-text() function and turn it into xml in memory as a variable and run your templates on the variables. This is only a better solution if your escaped characters are within specific elements or if memory isn’t an issue. More on reddit.com
23
3
February 3, 2021special characters inside XML values breaks XML
Within an XML attribute, the characters < and &, as well as either ' or " depending on which attribute value delimiters you used, must be escaped. Typically one would escape all of these, along with >. To escape these characters, you can use entity references or character references. For instance, & should be be replaced with & or & or &. See the XML specification , in particular the AttValue production . Your XML library should probably handle all of this for you. If not, get a better library. More on reddit.com
6
1
March 23, 2020How to escape special characters in docker-compose.yml
I would also double check your compose syntax. It doesn't look quite right to me. Especially around defining the env var. More on reddit.com
8
5
June 4, 2021How do you escape data in XML?
To escape data in XML, you must replace any special characters with their corresponding escape sequence. For example, the < character should be replaced with <, and the > character should be replaced with >. This can be done manually or through programming language functions or XML editor tools.
testmu.ai
testmu.ai › home › free tools › xml escape
XML Escape Free Online | Free online tool to convert plain XML ...
What is the difference between XML and HTML escape?
Although XML and HTML share the same set of special characters, they have slightly different escape sequences. While the single quote (') character in XML can only be escaped with ', it can be escaped with either ' or ' in HTML. In addition, a few additional escape sequences used in HTML but not in XML include those for non-breaking spaces.
testmu.ai
testmu.ai › home › free tools › xml escape
XML Escape Free Online | Free online tool to convert plain XML ...
What is the XML format?
XML (Extensible Markup Language) is a markup language used to define and structure data in a human-readable and machine-readable format. It consists of elements, attributes, and text content enclosed in tags, which describe the structure and content of the data.
testmu.ai
testmu.ai › home › free tools › xml escape
XML Escape Free Online | Free online tool to convert plain XML ...
Fastly
fastly.com › documentation › reference › vcl › functions › strings › xml-escape
xml_escape | Fastly Documentation
Navigate to... ... Available inall subroutines. Escapes characters from a string using XML-style escape sequences.
Liquid Technologies
liquid-technologies.com › Reference › Glossary › XML_EscapingData.html
Escaping XML Data
Escaping XML Data Adding control characters ('<', '>', ''', '"', '&') into xml data can cause the parser to miss understand the resulting data. The solution is to escape the control characters so that the parser can interpret them correc
Advanced Installer
advancedinstaller.com › user-guide › xml-escaped-chars.html
XML escaped characters
For example, if you add an existing XML file or create a new one in your project and insert a special XML character in one of its elements, let's say < character, when you will build the project, Advanced Installer will automatically escape this character, replacing it with <. The result is that the XML document installed by the built package will contain the escaped character making possible the correct interpretation of the XML code.
GeeksforGeeks
geeksforgeeks.org › javascript › how-to-escape-characters-in-xml
How to Escape Characters in XML ? - GeeksforGeeks
July 23, 2025 - In this approach, we are using the replace() method with a regular expression to search for characters <, >, ", ', and & in the XML data and replace them with their respective XML entities (<, >, ", ', &). Example: The below ...
JSON Formatter
jsonformatter.org › xml-escape
Best XML Escape characters tool
Online XML Escape characters tool to escape ampersand,quote and all special characters.
Oracle
docs.oracle.com › cd › A97335_02 › apps.102 › bc4j › developing_bc_projects › obcCustomXml.htm
Using Special Characters in XML
When you use wizards to customize any string in your XML file, you can use the following special symbols: <, >, &, ', ".
Testmu
testmu.ai › home › free tools › xml escape
XML Escape Free Online | Free online tool to convert plain XML content to escaped HTML.
As a result, the XML document might need to be correctly parsed. By substituting them with the corresponding escape sequence using XML Escape, the special characters in an XML document can be correctly interpreted by the XML parser.
ServiceNow Community
servicenow.com › community › developer-forum › escaping-special-characters-in-xml › m-p › 2090226
Escaping special characters in XML - ServiceNow Community
June 1, 2021 - setStringParameter() -> to set simple string values such as sys_created_by which won't have special characters · XML reserved characters in the value are converted to the equivalent escaped characters.
Code Beautify
codebeautify.org › xml-escape-unescape
XML Escape and XML Unescape Online Tool
XML Unescape is easy to use tool to unescape XML and converts to plain XML to unescaped xml which helps to show xml text in XML in <pre> tag.
Avajava
avajava.com › tutorials › lessons › how-do-i-escape-a-string-for-xml.html
How do I escape a String for XML? - Web Tutorials - avajava.com
This Java example shows how to escape a String for XML using StringEscapeUtils.
Top answer 1 of 10
488
When your XML contains &amp;, this will result in the text &.
When you use that in HTML, that will be rendered as &.
2 of 10
224
As per §2.4 of the XML 1.0 spec, you should be able to use &.
I tried & but this isn't allowed.
Are you sure it isn't a different issue? XML explicitly defines this as the way to escape ampersands.
Testmuai
testmuai.com › home › free tools › xml escape
XML Escape Free Online | Free online tool to convert plain XML content to escaped HTML.
Tags, attributes, and other elements in an XML document are represented by these characters. XML Escape is necessary to avoid conflicts between an XML document's content and its syntax. For instance, the XML parser will interpret the special character "" as the start of a new tag rather than as a literal character if it appears in the content of an XML document.
tools
tools.fromdev.com › xml-escape-unescape.html
XML Escape UnEscape Online Developer Tools - FROMDEV
But in case your data contains ... Below sample list can give you a idea of what this means. That is easy. Just type the character or a full string in the text box above and hit Escape button....
Coderanch
coderanch.com › t › 553681 › languages › Escape-XML-special-characters
Escape XML special characters? (XML forum at Coderanch)
One benefit of that would be that it is clear that the data contains "&", and not "&amp;" - otherwise that may not be obvious to someone who processes that XML. ... It is just as well for me too. ... Just a comment: if you're using the org.w3c.dom packages, then generally speaking you don't need to concern yourself with escaping those characters. For example is perfectly legitimate and you don't need to escape that ampersand. Escaping only applies when an XML document is serialized to an external format -- i.e.
W3Schools
w3schools.io › xml-escape-characters
Learn Which characters to escape for XML components - w3schools
This tutorial covers the essentials of Why Escape is required for XML and examples for Escape characters for content text, attributes, CDATA, and comments. This tutorial explains about special characters escape in XML.
GeeksforGeeks
geeksforgeeks.org › html › how-to-escape-ampersands-in-xml-to-rendered-as-entities
Escape Ampersands in XML to Rendered as Entities - GeeksforGeeks
January 19, 2026 - To treat it as data, it must be escaped as "&". This preserves its intended meaning while maintaining XML structure. Correctly escaping ampersands is vital when working with XML documents containing URLs or text with ampersands.
Reddit
reddit.com › r/xml › xslt how do i handle xml escape characters?
r/xml on Reddit: XSLT How Do I Handle XML Escape Characters?
February 3, 2021 -
Hello, I hope I've come to the right place. I'm at a loss as to how to handle my problem. I have an XML feed that contains HTML tags, now the feed of course has the tags escaped and this feed works until I try to apply XSLT 3 to it. All the HTML tags (characters) are escaped and now being displayed as literal values instead of the browser rendering/parsing the HTML tags. I need to some how convert or transform the characters so they can be parsed.
I've been searching for a solution for days but I either am not understanding it or I'm just not finding the solution. Any help would be greatly appreciated.
Content example
<p> <a href="https://www.gsmarena.com/samsung_galaxy_s6_(usa)-7164.php">>Samsung Galaxy S6</a> <p>
Result I'm looking for but with the HTML element tags parsed.
<p> <a href="https://www.gsmarena.com/samsung_galaxy_s6_(usa)-7164.php">Samsung Galaxy S6</a> </p>Example of Rendered Output
Top answer 1 of 2
1
There are a number of possible solutions here, and the first one that springs to mind is the old-fashioned method of doing a pre-process in another language that resolves the escaped pointy brackets and so forth.  Another possibility is to use the unparsed-text() function and turn it into xml in memory as a variable and run your templates on the variables. This is only a better solution if your escaped characters are within specific elements or if memory isn’t an issue.
2 of 2
1
You don't write, which XSL-T processor you are using. Since there is not many options around, for XSL-T 3.0, I assume it might be Saxon. But even then, there are three editions of Saxon, an OpenSource, free, edition (Saxon/HE) and two paid editions (Saxon/PE and Saxon/EE), that come with additional features. One of these features is to execute XQuery within your XSL-T via the saxon:compile-query#1 saxon:query#1 functions. Having these available would allow a little XQuery 3.1 script (actually a function definition) to be applied: declare function local:unescape( $input as xs:string*) as xs:string* { $input => replace(``[<]``, ``[<]``) => replace(``[>]``, ``[>]``) => replace(``[&]``, ``[&]``) => replace(``[']``, ``[']``) => replace(``["]``, ``["]``) }; You will need XQuery 3.1 for this, since it uses string-constructors and arrow-operators, which are available only since XQuery 3.1 and not part of the underlying XPath language. This function will take any string and replace the five default entities, defined for XML, with their counterparts. Note, that I didn't test this in Saxon (nor do I have experience with these two Saxon extension functions), but as pure XQuery in BaseX only, but it should be possible (as long as you have a license for, at least, Saxon/PE). If you don't have Saxon/PE, you may try some tinkering with output-escaping. For this, read the serialization chapter in the specs for XSL-T 3.0. Also, placing your HTML into CDATA, when you also define the @type="html" attribute is not recommended. Use @type="text" for this and then do the text processing manually. You may also get around your issue, by using @type="xhtml", which allows you to place unescaped XHTML within the element, as long as you wrap it into an ` element. There is more to this in the Atom specification here: https://tools.ietf.org/html/rfc4287#section-4.1.3 (especially in https://tools.ietf.org/html/rfc4287#section-4.1.3.3 in the last point)
GeeksforGeeks
geeksforgeeks.org › java › escaping-xml-special-characters-in-java-string
Escaping XML Special Characters in Java String - GeeksforGeeks
August 21, 2025 - Program to escape XML Special Characters !! Unescaped String: DataStructures & Java Escaped String: DataStructures & Java Unescaped String: DataStructures > Java Escaped String: DataStructures > Java Unescaped String: DataStructures < Java Escaped String: DataStructures < Java Unescaped String: DataStructures " Java Escaped String: DataStructures " Java Unescaped String: DataStructures ' Java Escaped String: DataStructures ' Java