Certain special characters need to be escaped so that they are not interpreted as delimiters or given some other special meaning:
escape all ampersand (&) characters
escape all ampersands with &amp; to prevent them from being interpreted as XML character entities
escape all less than (<) symbols
escape all < symbols with &lt; to prevent them from being interpreted as the starting delimiter of an XML tag
escape all greater than (>) symbols
escape all > symbols with &gt; to prevent them from being interpreted as the ending delimiter of an XML tag
escape double quotes (") within double-quoted attributes
escape double quotes in attributes as &quot;
escape apostrophes (') within single-quoted attributes
escape apostrophes (single quotes) in attributes as &apos;
escape special characters
escape other special characters using the appropriate decimal character code (&#nnn;) or hexadecimal character code (&#xnnnn;). For example, code a non-breaking space as either &#160; or &#xA0; (not &nbsp;).
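
The rules above as a small Python escaper, added here as an illustration and not part of the original guideline; the function names and the sample strings are constructed for this example. It shows why the ampersand is replaced first, and parses() can be used to confirm that an XML parser rejects &nbsp; while accepting &#160;.

```python
import xml.etree.ElementTree as ET

# Ampersand must be replaced first; otherwise the "&" in entities produced by
# the later replacements would be escaped again ("&lt;" -> "&amp;lt;").
_TEXT_RULES = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"))


def _numeric_refs(s):
    """Replace every non-ASCII character with a decimal reference (&#nnn;)."""
    return "".join(c if ord(c) < 128 else "&#%d;" % ord(c) for c in s)


def escape_text(s):
    """Escape character data for use as element content."""
    for raw, entity in _TEXT_RULES:
        s = s.replace(raw, entity)
    return _numeric_refs(s)


def escape_attr(s, quote='"'):
    """Escape an attribute value and wrap it in the chosen quote character."""
    if quote not in ('"', "'"):
        raise ValueError("quote must be ' or \"")
    for raw, entity in _TEXT_RULES:
        s = s.replace(raw, entity)
    # Only the quote character that delimits the attribute has to be escaped.
    s = s.replace(quote, "&quot;" if quote == '"' else "&apos;")
    return quote + _numeric_refs(s) + quote


def build_item(title, body):
    """Build <item title="...">body</item> from untrusted strings."""
    return "<item title=%s>%s</item>" % (escape_attr(title), escape_text(body))


def parses(xml):
    """Return True if a conforming XML parser accepts the string."""
    try:
        ET.fromstring(xml)
        return True
    except ET.ParseError:
        return False


# Constructed sample input: markup characters, both quote styles, and U+00A0.
SAMPLE_TITLE = 'a"><x y=\'1\'/>&'
SAMPLE_BODY = "1 < 2 && 3 > 2\u00a0ok"
```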