How to use the XML Unescape
Decode XML entities in two steps:
1
Paste the XML-escaped text
Enter any text containing XML or HTML entity sequences like <, >, &, ", ©, or ©.
2
Read the decoded output
All recognized entity sequences are decoded to their actual characters. The entity count in the footer shows how many were found and decoded.
When to use this tool
Use this tool to decode XML or HTML entity-escaped text back to readable characters:
- →Decoding XML-escaped content from RSS/Atom feeds, API responses, or XML configuration files
- →Reading HTML-encoded text from CMS databases, content exports, or web scraping results
- →Converting XML entity sequences in error messages or log output back to readable characters
- →Decoding source code or HTML templates that show < and > instead of actual angle brackets
- →Fixing double-encoded content where entities were escaped twice (showing &lt; instead of <)
- →Reading XML attribute values or text node content that appears in escaped form in debugging output
Frequently asked questions
Q:What entities does this tool decode?
This tool decodes: (1) the five predefined XML entities — &lt; (< ), &gt; (>), &amp; (&), &quot; ("), &apos; ('); (2) decimal numeric character references — &#DDD; where DDD is a Unicode code point in decimal (e.g. &#169; → ©); (3) hexadecimal numeric character references — &#xHH; where HH is the code point in hex (e.g. &#xA9; → ©). Named HTML entities beyond the five XML entities (like &copy;, &nbsp;, &eacute;) require the HTML Entity Decoder tool which uses the browser's full HTML5 named entity parser.
Q:Why is &amp; decoded last?
The ampersand (&) is the escape character that begins all entity sequences. If & were decoded first (converting &amp; to &), then the subsequent decoding of & would convert that & to & again — but it would also accidentally decode other entity references that came after. Decoding & last ensures that all other entity sequences (&lt;, &gt;, etc.) are processed first, and then &amp; is correctly converted to &. This ordering prevents double-decoding and ensures each entity is decoded exactly once to its intended character.
Q:What is the difference between &quot; and " for double quotes?
&quot; is the named XML/HTML entity for the double quote character ("). " is the decimal numeric character reference for the same character (Unicode code point 34). Both are valid in XML and HTML, and both decode to the same character. &quot; is more readable because the name 'quot' is recognizable, while " requires knowing the Unicode code point. This tool decodes both forms to the same double quote character. In practice, &quot; is more common in XML attributes while " occasionally appears in older HTML or in generated output from libraries that prefer numeric references.
Q:What does double-encoded XML look like and how do I fix it?
Double-encoded XML occurs when already-escaped content is escaped again. For example, the literal text < gets escaped to < (once). If < is then escaped again, the & becomes & producing &lt; — which displays as the literal text '<' rather than '<'. To fix double-encoding, run the content through this decoder once to remove the outer layer of escaping. You'll see the first decode produce < as a result, which you can then decode again to get the original <. Each pass removes one encoding layer.
Q:Can I use this tool to decode RSS feed content?
Yes — RSS and Atom feeds frequently XML-escape their text content, especially in the <description> and <content:encoded> elements. Article titles with ampersands (AT&T), angle brackets in code examples, and quoted strings will appear entity-escaped in the raw feed XML. Paste the escaped content from the feed into this tool to see the original human-readable text. Note that RSS feeds sometimes also contain HTML content inside XML, resulting in both XML-escaped HTML entities — decode the XML layer first to reveal the HTML entities, then decode those with the HTML Entity Decoder if needed.
Q:Does this tool handle numeric character references for emoji?
Yes — both decimal and hex numeric character references for any Unicode code point are supported, including emoji and supplementary characters above U+FFFF. For example, 😀 (decimal) and 😀 (hex) both decode to 😀. Emoji and other supplementary characters use code points above 65535 and are correctly handled via String.fromCodePoint() which accepts any valid Unicode scalar value. Named HTML entities for emoji (like &#x1F600;) work the same way through the numeric reference path.