XML Escape / Unescape
Escape special XML characters to their entity equivalents before embedding text inside XML documents, SOAP messages, or XHTML. Unescape XML entities back to readable characters when reading or processing XML content.
Last updated: May 28, 2026
What is XML Escape / Unescape?
XML defines five characters with special syntax meaning: & (ampersand), < (less-than), > (greater-than), " (double quote), and ' (single quote). When these appear in text content or attribute values, they must be represented as named entities (&amp;, &lt;, &gt;, &quot;, and &apos;) or the XML document becomes malformed and parsers will reject it.
Note that XML uses &apos; for single quotes, whereas HTML uses &#039;. This tool applies the correct XML entity set so the output is valid in XML and XHTML contexts.
How to Use XML Escape / Unescape
1. Paste your text into the input field
2. Click "Escape XML" to convert special characters to XML entities
3. Click "Unescape XML" to convert entities back to their original characters
4. Copy the output for use in your XML document, API payload, or XHTML template
Common Use Cases
- Backend developers escaping user-provided strings before inserting them into XML documents or SOAP request bodies.
- API integrators encoding text values for XML-based web service payloads where unescaped characters would break the schema.
- XHTML template developers ensuring content strings are valid in strict XML parsing contexts.
- Data engineers transforming CSV or database content into XML format without breaking the structure.
- QA engineers verifying that XML serialization handles all five reserved characters correctly.
Example Input and Output
Escaping a product description before embedding it as a text node in an XML product catalog.
Input: Tom & Jerry's <Adventure> said "It's great!"
Output: Tom &amp; Jerry&apos;s &lt;Adventure&gt; said &quot;It&apos;s great!&quot;
Escape before insert
Always escape text content before constructing XML by string concatenation. Building XML with template literals or string joins without escaping is a common source of malformed documents.
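The tip above as an added example (not this tool's own code): a single-pass escape and unescape for the five reserved characters, next to a concatenating builder with and without escaping. The function names, the product/description/price element names, and the untrusted sample string are constructed for illustration.

```javascript
// Added example; names and sample inputs are constructed for illustration.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };
const UNESCAPES = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };

// Escape all five reserved characters in one pass, so the "&" of an entity
// that was just produced is never escaped a second time.
function escapeXml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Unescape the five named entities in one pass. Numeric character
// references such as &#39; are deliberately left untouched here.
function unescapeXml(text) {
  return String(text).replace(/&(amp|lt|gt|quot|apos);/g, (_, name) => UNESCAPES[name]);
}

// Flawed form kept for contrast: chained replaces that handle &amp; first
// decode "&amp;lt;" twice and return "<" instead of the literal text "&lt;".
function unescapeXmlChained(text) {
  return String(text).replace(/&amp;/g, '&').replace(/&lt;/g, '<');
}

// Weak: the description is concatenated as-is, so markup inside it
// becomes part of the document structure.
function buildProductUnsafe(description) {
  return '<product><description>' + description + '</description></product>';
}

// Corrected: the description is escaped and stays a single text node.
function buildProduct(description) {
  return '<product><description>' + escapeXml(description) + '</description></product>';
}

// Count literal opening tags of a given name in a serialized document.
function countTag(xml, tag) {
  return (xml.match(new RegExp('<' + tag + '>', 'g')) || []).length;
}

const sample = 'Tom & Jerry\'s <Adventure> said "It\'s great!"';
// Constructed untrusted value that closes the element and adds a sibling.
const untrusted = 'x</description><price>0</price><description>y';

console.log(escapeXml(sample));
console.log(countTag(buildProductUnsafe(untrusted), 'price')); // extra element present
console.log(countTag(buildProduct(untrusted), 'price'));       // no extra element
console.log(unescapeXml('&amp;lt;'), unescapeXmlChained('&amp;lt;'));
```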
Browser-side only
All processing happens in your browser. No content is sent to a server.

