Advertisements

headerup to 320x100 / 728x90

XML Escape / Unescape

Escape or unescape XML special characters and numeric entities with one click

Mode:
Input
Loading editor...
Output

Output will appear here...

Advertisements

content bottomup to 300x250

What is XML Escape / Unescape

Last reviewed:

XML (Extensible Markup Language) is a strict, tag-based format used for documents, SOAP APIs, RSS feeds, and many enterprise and publishing systems.

XML Escape / Unescape replaces the five reserved characters (& < > " ') with their named entities (&amp; &lt; &gt; &quot; &apos;) or reverses the operation by decoding named entities plus numeric and hex references like &#123; and &#x1F600;.

It's essential for XML, SVG, Atom, RSS, and SOAP workflows where raw user input must be safely embedded in element content or attribute values.

Why use it

  • Embed user text in XML element content without breaking the document.
  • Decode Atom / RSS feed bodies for analysis.
  • Clean up SVG sources before inlining.
  • Round-trip SOAP envelope payloads.
  • Audit XML documents for properly-escaped attributes.

Features

  • Canonical five XML entities
  • Decodes named, numeric, and hex references
  • Safe for element content and attributes
  • Processes XML locally in your browser, no upload required
  • Handles Unicode code points during decode

How to use XML Escape / Unescape

  1. Choose mode. Pick Escape or Unescape.
  2. Paste content. Drop raw text or escaped XML.
  3. Run. Copy the escaped / decoded content into your XML document.

Example (before/after)

Raw text

<tag attr="x&y">'ok'</tag>

XML escaped

&lt;tag attr=&quot;x&amp;y&quot;&gt;&apos;ok&apos;&lt;/tag&gt;

Common errors

Double-encoded output

Running escape twice produces &amp;amp;.

Fix: Unescape first, then escape only once.

HTML-only entities

Entities like &nbsp; are HTML-specific, not XML.

Fix: Use the HTML Entities converter for broader entity coverage.

FAQ

Which entities are escaped?

The canonical five: &amp;, &lt;, &gt;, &quot;, &apos;.

Which entities are decoded?

All five named, plus numeric (&#123;) and hex (&#x7B;) references.

Is it safe for attribute values?

Yes — &quot; and &apos; are both produced for maximum safety.

Does it add an XML declaration?

No — it operates purely on text content.

Is my data sent anywhere?

No — the tool runs client-side.

Related tools

Pair XML escape with JSON, HTML entities, and SQL helpers for complete escaping pipelines. You can also browse the full Encoders & Decoders category for more options.

HTML Entities <-> Text Converter

Convert text to HTML entities or decode HTML entities back to text in a single bidirectional tool

JSON Escape

Escape JSON special characters

JavaScript Escape / Unescape

Escape or unescape JavaScript string literals with backslash, quote, Unicode, and control-character handling

C# Escape / Unescape

Escape or unescape C# string literals including \x, \u, and \U Unicode escape sequences

Java Escape / Unescape

Round-trip Java string literals — escape quotes, backslashes, newlines, and Unicode sequences

XML Formatter

Format and beautify XML documents online with proper indentation and line breaks. Validate XML syntax while formatting for clean, readable markup.

XML Stringify

Wrap an XML document in a JSON string literal for safe embedding in payloads

SQL Escape / Unescape

Escape or unescape SQL string literals using standard single-quote doubling

XML URL Encoder

Encode XML for URL parameters

XML URL Encoder / Decoder

Percent-encode or decode an XML payload for safe transmission in query strings and URLs

HTML Entities Encoder

Encode text to HTML entities

HTML Encoder/Decoder

Encode or decode HTML entities