JSONXML

Free XML Escape / Unescape

Escape XML special characters to entities or unescape entities back to text. Runs in your browser — your data never leaves your machine.

Text ↔ XML Escaped
Unescaped Text
XML Escaped
XML Entity Reference
&&
<&lt;
>&gt;
"&quot;
'&apos;

5 Predefined Entities

Converts all 5 XML-special characters: & to &amp;, < to &lt;, > to &gt;, " to &quot;, and ' to &apos;. These cover every character that can break XML syntax.

Bidirectional

Type in either panel — text on the left escapes to entities on the right, and entities on the right unescape to text on the left, all in real time.

100% Private

All escaping and unescaping runs locally in your browser using JavaScript. Nothing is sent to a server — safe for sensitive data.

How to Escape and Unescape XML Entities

Type or paste text containing XML-special characters in the left panel and the escaped version with entity references appears instantly on the right. To unescape, paste XML text with entities like &amp; and &lt; in the right panel and the original text with literal characters appears on the left. The built-in entity reference table shows all 5 predefined XML entities for quick reference.

Understanding XML Entity Escaping

XML uses angle brackets to delimit tags and ampersands to start entity references. When these characters appear as literal text content, they must be replaced with predefined entity references to avoid ambiguity. The XML specification defines exactly 5 such entities. Proper escaping is critical for generating well-formed XML and preventing injection attacks when constructing XML from user input.

Frequently Asked Questions

What are the 5 predefined XML entities?
XML defines 5 predefined entities: &amp; for &, &lt; for <, &gt; for >, &quot; for ", and &apos; for '. These characters have special meaning in XML syntax and must be escaped when used as literal text content.
Why do XML characters need to be escaped?
Characters like < and & have special meaning in XML — < starts a tag and & starts an entity reference. If these characters appear in text content without escaping, the XML parser will misinterpret the document structure, causing parse errors or security vulnerabilities.
Can I unescape XML entities back to text?
Yes — the tool is bidirectional. Paste XML containing entities like &amp; and &lt; in the right panel and the unescaped text with literal characters appears instantly in the left panel.
Is this tool free?
Yes — completely free, forever. No sign-up, no account, no usage limits.
Is my data safe?
All escaping and unescaping happens locally in your browser using JavaScript. Nothing is uploaded to any server. It's safe to use with sensitive or proprietary data.
Does this handle numeric character references?
This tool handles the 5 predefined named entities (&amp;, &lt;, &gt;, &quot;, &apos;). Numeric character references like &#60; or &#x3C; are not currently converted, though these are less common in practice.

Related Tools

JSON Escape / Unescape

Escape or unescape JSON strings instantly. Handle special characters, quotes, and Unicode. Free.

XML Formatter

Pretty-print or minify XML with configurable indentation. Free, runs in your browser.

XML Validator

Validate XML syntax and see errors with line numbers. Free, runs in your browser.