XML entity handling in invoice XML: CDATA decision guide
TL;DR: Validate locally, fix the first real error, validate again (no upload).
Fix XML entity handling in invoice XML: CDATA decision guide with an XML escape-first workflow and local validation (no upload).
XML escape matrix
| Character | Escape | Where it matters most |
|---|---|---|
& | & | Text nodes, attributes, URLs inside XML |
< | < | Text nodes |
> | > | Optional in text; safer in generated markup |
" | " | Attribute values |
' | ' | Attribute values |
Primary rule for this page
& -> &
Focus for this query
- Use CDATA for larger text blocks, but never place nested ']]>' unescaped.
CDATA vs escaping
Use escaping for normal text/attributes. Use CDATA when large literal blocks are easier to keep unchanged.
- Escaping is safest for machine-generated XML fields.
- CDATA is convenient for long snippets, but still requires clean XML structure.
- Never include raw
]]>inside CDATA without splitting/escaping.
Example
<!-- Text node -->
<title>Tom & Jerry</title>
<!-- Attribute value -->
<link href="/search?q=a&b=1" />
<!-- CDATA for rich text -->
<snippet><![CDATA[if (a < b && b > 0) { return a; }]]></snippet>Fast fix workflow
- Find first parser error line/column.
- Replace reserved character/entity usage at that location.
- Re-validate immediately after each edit.
- Convert/export only when parser reports clean XML.
Common parser signals
- EntityRef: expecting ; — raw
&or incomplete entity. - Undefined entity — entity not declared/unsupported by parser.
- Unescaped ampersand in URL — use
&inside XML.
FAQ
Is anything uploaded to a server? No. All processing happens locally in your browser. Files are never uploaded.
What is the recommended workflow? Validate the input, fix the first real issue, validate again, then export/convert. This avoids compounding errors.
Related tools
Related guides
Privacy & Security
All processing happens locally in your browser. Files are never uploaded.