ValidateHTML

Unescaped Special Characters in XML

XML reserves several characters for its syntax: & (starts entity references), < (starts tags), and > (ends tags). When these characters appear in text content or attribute values, they must be replaced with their entity references: &amp; for &, &lt; for <, and &gt; for >. Failing to escape them confuses the parser.

Why It Matters

A single unescaped & or < in text content causes the XML parser to misinterpret the structure. It may try to read the text as a tag or entity reference, producing cryptic error messages. The entire document becomes unparseable.

Common Causes

  • Putting a raw ampersand in text, for example a company name like Smith & Sons, instead of writing Smith &amp; Sons.
  • Embedding code or math containing < and > directly in element content rather than escaping them or wrapping them in CDATA.
  • Pasting URLs with query strings, where unescaped & separators between parameters break the parser.

Code Examples

Invalid XML

<?xml version="1.0" encoding="UTF-8"?>
<company>
  <name>Smith & Sons</name>
  <motto>We make price < competition</motto>
  <code>if (x > 0 && y < 10)</code>
</company>

Valid XML

<?xml version="1.0" encoding="UTF-8"?>
<company>
  <name>Smith &amp; Sons</name>
  <motto>We make price &lt; competition</motto>
  <code>if (x &gt; 0 &amp;&amp; y &lt; 10)</code>
</company>

How to Fix

  1. Replace & with &amp; in all text content and attribute values.
  2. Replace < with &lt; and > with &gt; when they appear in text, not as tag delimiters.
  3. For large blocks of text with many special characters, use a CDATA section: <![CDATA[...]]>.
  4. Also escape " as &quot; and ' as &apos; inside attribute values when needed.
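
The steps above applied in code, as an added example that is not part of the original page: string values are escaped per context with Python's standard xml.sax.saxutils before being placed into markup, and the result is checked with the standard-library parser. The helper names (xml_cdata, build_company, parses), the site attribute and the sample values are assumptions made for illustration; the CDATA helper also handles text that itself contains ]]>, which would otherwise end the section early.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr


def xml_cdata(value: str) -> str:
    """Wrap text in CDATA, splitting any literal ]]> across two sections."""
    return "<![CDATA[" + value.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def build_company(name: str, url: str, code: str) -> str:
    """Build a document from strings, escaping each value for its context."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        # quoteattr escapes & and <, picks a safe quote character and adds it
        f"<company site={quoteattr(url)}>\n"
        # escape rewrites & < > as &amp; &lt; &gt; for text content
        f"  <name>{escape(name)}</name>\n"
        f"  <code>{xml_cdata(code)}</code>\n"
        "</company>"
    )


def parses(document: str) -> bool:
    """True if the standard-library parser accepts the document."""
    try:
        ET.fromstring(document.encode("utf-8"))
        return True
    except ET.ParseError:
        return False


# Constructed sample inputs covering the three common causes listed earlier:
# a raw ampersand, a URL with a query string, and embedded code.
NAME = "Smith & Sons"
URL = 'https://example.com/search?q="xml"&page=2'
CODE = "if (x > 0 && a[b[0]]> y) return x < 10;"

# Naive string concatenation (rejected by the parser) versus escaped output.
RAW = f'<company site="{URL}"><name>{NAME}</name><code>{CODE}</code></company>'
SAFE = build_company(NAME, URL, CODE)

if __name__ == "__main__":
    print("raw parses: ", parses(RAW))
    print("safe parses:", parses(SAFE))
    print(SAFE)
```

Parsing SAFE returns the three original strings unchanged, so escaping is applied once at output time and never to the stored values.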

Frequently Asked Questions

Which characters must be escaped in XML?
In text content you must escape & as &amp; and < as &lt;. The > character should be escaped as &gt;, especially after ]]. Inside attribute values you also escape the quote character used to delimit the value, plus & and <.

When should I use CDATA instead of escaping?
Use a CDATA section, written as <![CDATA[...]]>, when a block contains many reserved characters, such as embedded code or HTML. Everything inside is treated as literal text, so you avoid escaping each character by hand.

Does the greater-than sign always need escaping?
A lone > is usually tolerated in text, but the spec requires escaping it as &gt; when it follows ]] in text content, because ]]> is the sequence that closes a CDATA section. Escaping every > is the safe, portable choice.
