Do I need to replace double/single quote in XML body text?
In element content you only need to escape &
and <
; you never need to escape single or double quotes, and you need to escape >
only if it appears as part of the sequence ]]>
(many people replace it unconditionally, because that's simpler).
In attribute content you only need to escape &
and <
and either '
or "
, depending which one was used as the attribute delimiter.
Entities starting with &
are not recognized in comments or CDATA sections, or in element or attribute names, so special characters must not be escaped in those contexts.