--- title: transform.XMLEscape description: Returns the given string, removing disallowed characters then escaping the result to its XML equivalent. categories: [] keywords: [] action: aliases: [] related: [] returnType: string signatures: [transform.XMLEscape INPUT] --- The `transform.XMLEscape` function removes [disallowed characters] as defined in the XML specification, then escapes the result by replacing the following characters with [HTML entities]: - `"` → `"` - `'` → `'` - `&` → `&` - `<` → `<` - `>` → `>` - `\t` → ` ` - `\n` → ` ` - `\r` → ` ` For example: ```go-html-template transform.XMLEscape "

abc

" → <p>abc</p> ``` When using `transform.XMLEscape` in a template rendered by Go's [html/template] package, declare the string to be safe HTML to avoid double escaping. For example, in an RSS template: {{< code file="layouts/_default/rss.xml" >}} {{ .Summary | transform.XMLEscape | safeHTML }} {{< /code >}} [disallowed characters]: https://www.w3.org/TR/xml/#charsets [html entities]: https://developer.mozilla.org/en-us/docs/glossary/entity [html/template]: https://pkg.go.dev/html/template