---
title: transform.XMLEscape
description: Returns the given string, removing disallowed characters then escaping the result to its XML equivalent.
categories: []
keywords: []
params:
functions_and_methods:
aliases: []
returnType: string
signatures: [transform.XMLEscape INPUT]
---
The `transform.XMLEscape` function removes [disallowed characters][] as defined in the XML specification, then escapes the result by replacing the following characters with [HTML entities][]:
- `"` → `"`
- `'` → `'`
- `&` → `&`
- `<` → `<`
- `>` → `>`
- `\t` → ` `
- `\n` → `
`
- `\r` → `
`
For example:
```go-html-template
{{ transform.XMLEscape "abc
" }} → <p>abc</p>
```
When using `transform.XMLEscape` in a template rendered by Go's [`html/template`][] package, declare the string to be safe HTML to avoid double escaping. For example, in an RSS template:
```xml {file="layouts/rss.xml"}
{{ .Summary | transform.XMLEscape | safeHTML }}
```
[HTML entities]: https://developer.mozilla.org/en-US/docs/Glossary/Entity
[`html/template`]: https://pkg.go.dev/html/template
[disallowed characters]: https://www.w3.org/TR/xml/#charsets