XML to String Online — Escape XML for Code

Escape an XML document into a safe string literal for JavaScript, Java, C#, Python, or JSON embedding — quotes, backslashes, and newlines all handled. 100% in your browser.

What is an XML to String Converter?

An XML to string converter escapes an XML document into a single-line or multi-line string literal that can be safely embedded inside JavaScript, JSON, Java, C#, or Python source code. It quotes the document and escapes the characters that would otherwise terminate the string or break the surrounding parser — quotes, backslashes, newlines, and control characters.

Hand-escaping XML is tedious and error-prone. The OpenFormatter converter validates the XML with the browser's native DOMParser, then runs JSON.stringify on the input — producing the canonical JSON-string form, which is also a valid JavaScript string literal, a valid Java string literal (with text-block syntax for multi-line), and a valid C# string literal. One paste, one click, ready to drop into your codebase.

How to convert XML to a string online — 4 steps

  1. Paste your XML. Drop the XML snippet you want to embed — a SOAP request template, a config block, a sample RSS item — into the Input panel.
  2. Click Convert. The XML is parsed for well-formedness, then run through JSON.stringify to produce a safely escaped string.
  3. Inspect the string. Double quotes are escaped (\"), newlines become \n, backslashes are doubled — the whole document is wrapped in "...".
  4. Copy and paste. Drop the literal into your .js, .ts, .java, .cs, or JSON file. To recover the XML, run the string through any JSON parser.

Sample XML and escaped string output

A short config XML showing how quotes, ampersands, and newlines are handled in the escaped form.

XML input

<config>
  <database>
    <host>db.example.com</host>
    <port>5432</port>
  </database>
  <message>Welcome &amp; thanks!</message>
</config>

String output

"<config>\n  <database>\n    <host>db.example.com</host>\n    <port>5432</port>\n  </database>\n  <message>Welcome &amp; thanks!</message>\n</config>"

Validates First

Your XML is parsed for well-formedness before escaping. You will not silently ship a broken XML literal that only fails at runtime when the consumer parses it.

Universal Escape

JSON-string escaping is also a valid JavaScript, TypeScript, Java, and C# string literal — one output covers most languages without further changes.

Client-Side Only

The browser parses and stringifies entirely in JavaScript on your machine. SOAP samples, signed assertions, and internal API XML never leave the device.

Common use cases

  • check_circleEmbedding a SOAP request body as a JavaScript or TypeScript constant in a fetch wrapper
  • check_circleHard-coding XML test fixtures inside Java or C# unit tests without external resource files
  • check_circleSending an XML payload as a JSON field to a REST API that expects an opaque string
  • check_circleStoring a small XML config snippet as a string column in a SQL or NoSQL database
  • check_circleWriting an HTTP transcript replay test where the XML body lives inline in source code
  • check_circleInserting XML examples into Markdown or MDX documentation as JSON-encoded strings
  • check_circleSetting an XML payload as an environment variable or Kubernetes ConfigMap entry
  • check_circleBuilding XML-string parameters for stored procedures, message queues, or RPC calls

String escape vs entity encode

There are two different escape mechanisms developers confuse: string-literal escaping protects the surrounding source code (quotes, backslashes, control chars), while HTML/XML entity encoding protects the surrounding markup (<&lt;). For embedding XML inside JSON or JavaScript, you want string-literal escaping — that's what this tool emits. For embedding XML inside another HTML page, you would entity-encode instead. The two mechanisms are not interchangeable.

More XML tooling?

Format, validate, or convert XML with the rest of OpenFormatter's browser-based toolkit.

XML FormatterXML ValidatorXML to JSON

Frequently Asked Questions

Why would I need to escape XML for code?

You escape XML when you embed it as a string literal inside source code or a JSON document. Without escaping, the XML's angle brackets, quotes, and ampersands would terminate the string or break the surrounding parser. Common scenarios: hard-coding a SOAP request template in a Java unit test, sending an XML payload as a JSON field to a REST API, or storing a small XML config snippet in a TypeScript constant.

Which characters does the converter escape?

For a JavaScript / JSON string the converter escapes: double quotes (" → \"), backslashes (\ → \\), newlines (\n), carriage returns (\r), tabs (\t), and control characters as \uXXXX. The XML stays valid XML — angle brackets and ampersands remain literal — they only need encoding if you embed the result in HTML, where you would use the HTML entity form (&lt; &gt; &amp;) instead.

Is JSON string escaping the same as HTML / XML entity escaping?

No — they are different. JSON string escaping protects the surrounding JSON syntax (quotes, backslashes, control chars). HTML / XML entity escaping protects markup syntax (< → &lt;, & → &amp;). This tool produces JSON / source-code-safe strings, which is what you almost always want when storing or transporting XML inside another data format. For HTML embedding, use a separate HTML entity encoder.

Does it validate the XML before escaping?

Yes. The converter parses your input with the browser's DOMParser first and rejects malformed XML with an error. This stops you from silently shipping broken XML inside a string literal — a bug that would only surface at runtime when the consumer tried to parse the embedded XML.

Can I reverse a string back to XML?

Yes. Switch to the String → XML mode (if available) or paste the escaped string into any JSON parser to recover the original XML text. The conversion is fully lossless: every byte of the input XML is preserved across the round trip.

How do I embed XML in a Java or C# string?

For Java and C#, the JSON-style escaping this tool emits is mostly compatible — you escape backslashes and double quotes the same way. Java text blocks (Java 15+) and C# verbatim strings (@"...") let you skip most escaping; for those you only need to double internal quotes. For older code, paste the JSON-escaped output as a regular string literal.

Does the tool send my XML anywhere?

No. The DOMParser and JSON.stringify both run inside your browser. XML containing internal API examples, signed envelopes, or proprietary schemas never leaves your machine. Open DevTools → Network and click Convert to verify — there are no requests.

Will newlines be preserved in the output?

Yes — newlines inside the original XML become \n inside the resulting string literal, so the embedded XML retains its original line structure when un-escaped. If you want a single-line output, paste the XML through an XML minifier first or strip newlines before converting.

Related Tools

XML Formatter

Pretty-print and indent XML documents

XML Validator

Check XML well-formedness and structure

XML to JSON

Convert XML to a JSON object structure

JSON to String

Escape JSON for embedding in code strings

XML to YAML

Produce clean YAML from XML hierarchy

All XML Tools

Browse the full XML toolkit

Developer Insights

From the Blog

View all articlesarrow_forward
Formats8 min read

YAML vs JSON in 2024: When to Use Each

A definitive guide on choosing the right data serialization format for modern infrastructure.

Read articlearrow_forward
Engineering6 min read

Why JSON Formatting Matters More Than You Think

How proper JSON structure prevents production bugs, improves debugging, and makes code reviews faster.

Read articlearrow_forward
Privacy4 min read

The Case for 100% Client-Side Data Processing

Why we built OpenFormatter to process all data locally, and what that means for your workflow security.

Read articlearrow_forward
XML to String Online — Escape XML for Code | OpenFormatter