XML Escape and Unescape Tool
Escape text for XML nodes and attributes, or decode XML predefined entities back to text.
What it does
XML escaping protects the five predefined XML characters: ampersand, less-than, greater-than, double quote, and apostrophe. These characters can otherwise change document structure.
Unescaping converts XML predefined entities and numeric character references back into plain text so encoded payloads are easier to read.
Common uses
- Escape text before inserting it into XML elements, attributes, SOAP payloads, SAML examples, or config snippets.
- Decode XML entities from integration logs, serialized payloads, and generated documents.
- Use it alongside the XML formatter when you need to switch between escaped content and full XML structure.
Watch outs
- XML only defines five named entities by default: amp, lt, gt, quot, and apos.
- Escaping text does not validate a complete XML document or fix mismatched tags.
- If the content is a URL, JSON string, or SQL value inside XML, escape for that inner context first.
Privacy
XML escaping and unescaping runs in your browser. The input text is not uploaded.
FAQ
Which XML entities are decoded?
The tool decodes amp, lt, gt, quot, apos, and decimal or hexadecimal numeric character references.
Why use `'` instead of `'`?
`'` is one of XML's predefined entities, so it is the clearest XML-specific apostrophe escape.
Can this repair invalid XML?
No. It escapes or unescapes text. Use the XML formatter to parse and inspect a full XML document.
Related tools
HTML Escape
Client-side HTML escape and unescape tool for ampersands, angle brackets, quotes, apostrophes, numeric entities, and common named entities.
XML Formatter
Client-side XML formatter with a collapsible tree viewer, highlighted formatted text, copy button, and one-click XML export.
JSON Escape
Client-side JSON string escape and unescape tool for quotes, backslashes, control characters, tabs, newlines, and Unicode escape sequences.