XML Escape and Unescape Tool

Escape text for XML nodes and attributes, or decode XML predefined entities back to text.

What it does

XML escaping protects the five predefined XML characters: ampersand, less-than, greater-than, double quote, and apostrophe. These characters can otherwise change document structure.

Unescaping converts XML predefined entities and numeric character references back into plain text so encoded payloads are easier to read.

Common uses

  • Escape text before inserting it into XML elements, attributes, SOAP payloads, SAML examples, or config snippets.
  • Decode XML entities from integration logs, serialized payloads, and generated documents.
  • Use it alongside the XML formatter when you need to switch between escaped content and full XML structure.

Watch outs

  • XML only defines five named entities by default: amp, lt, gt, quot, and apos.
  • Escaping text does not validate a complete XML document or fix mismatched tags.
  • If the content is a URL, JSON string, or SQL value inside XML, escape for that inner context first.

Privacy

XML escaping and unescaping runs in your browser. The input text is not uploaded.

FAQ

Which XML entities are decoded?

The tool decodes amp, lt, gt, quot, apos, and decimal or hexadecimal numeric character references.

Why use `'` instead of `'`?

`'` is one of XML's predefined entities, so it is the clearest XML-specific apostrophe escape.

Can this repair invalid XML?

No. It escapes or unescapes text. Use the XML formatter to parse and inspect a full XML document.

Related tools