Which characters does XML require escaping?

XML predefines exactly five entities: ampersand becomes &, less-than becomes <, greater-than becomes >, apostrophe becomes ', and double quote becomes ". Of these, the ampersand and less-than are mandatory in text content; the others matter mostly inside attribute values.

Why is XML escaping different from HTML?

HTML defines hundreds of named entities like © and , but XML defines only these five. Using an HTML-only entity such as in plain XML makes the document not well-formed, so the XML escaper deliberately limits itself to the safe five.

Must the ampersand be escaped first?

Yes. Every entity starts with an ampersand, so it must be replaced before the other four characters. Otherwise escaping the less-than sign would create a new ampersand that a later step would wrongly re-escape, breaking the output.

Do I always need to escape quotes and apostrophes?

Only inside attribute values, and only the quote character that delimits the attribute. In element text content they are legal as-is. Escaping all five is always safe, which is why this tool does so by default for maximum portability.

Will unescape touch numeric entities?

This tool unescapes the five named XML entities and also expands numeric references like A and A since those are valid in XML. Unknown named entities are left untouched so nothing is silently corrupted.

XML Entity Escaper/Unescaper

Q: Which characters does XML require escaping?

XML predefines exactly five entities: ampersand becomes &amp;, less-than becomes &lt;, greater-than becomes &gt;, apostrophe becomes &apos;, and double quote becomes &quot;. Of these, the ampersand and less-than are mandatory in text content; the others matter mostly inside attribute values.

Q: Why is XML escaping different from HTML?

HTML defines hundreds of named entities like &copy; and , but XML defines only these five. Using an HTML-only entity such as in plain XML makes the document not well-formed, so the XML escaper deliberately limits itself to the safe five.

XML is far stricter than HTML about entities: it predefines only five. This tool escapes those five characters so your text is well-formed inside XML elements and attributes, and unescapes them back to plain characters.

How it works

Escaping replaces the ampersand first, then the remaining four characters, so no sequence is double-processed:

& -> &amp;
< -> &lt;
> -> &gt;
' -> &apos;
" -> &quot;

Unescaping reverses these five named references and also expands numeric references such as 
 and 
, which XML permits, while leaving any unknown reference untouched so no data is lost.

Tips and notes

In element content you strictly only need to escape & and <, but escaping all five is harmless and portable, so this tool does it by default. Inside an attribute delimited by double quotes you must escape the double quote; inside one delimited by single quotes you must escape the apostrophe. Never use HTML-only entities like   in plain XML — they make the document fail to parse. If you need those, declare them in a DTD or use a numeric reference instead.