XML Formatter
Beautify, validate, and minify XML. Convert XML to JSON. All processing is local — your data never leaves the browser.
Processed locally
Format and validate XML — pretty-printed with consistent indentation, syntax errors surfaced with the offending line, and a one-click XML ↔ JSON conversion for working with mixed-format APIs. Handles SOAP envelopes, RSS feeds, OpenAPI specs in XML, and Java-flavoured config files. Useful when an API returns XML and your tools expect JSON, or vice versa. The parsing uses the browser's DOMParser; the XML you paste stays local during the formatting round-trip.
Input XML
Output XML
Runs in your browser
Next steps
JSON Formatter
RecommendedInstantly format, validate, or minify JSON — spot errors in seconds.
YAML Formatter
RecommendedFormat, validate, and convert YAML — with JSON ↔ YAML conversion.
CSV Viewer & Converter
View CSV as a table, convert CSV↔JSON, and filter rows.
HTML Encoder / Decoder
Encode HTML special characters to entities and decode them back.
Runs right inside your browser tab. No uploads. Your files stay private.
What Is an XML Formatter?
XML (eXtensible Markup Language) is the W3C-standardized text format for hierarchical data: a tree of elements, attributes, and text nodes serialized with angle-bracketed tags. It still powers SOAP web services, RSS and Atom feeds, SVG, Office Open XML (.docx, .xlsx), Android manifests, Maven pom.xml, Spring application context files, and SAML assertions. JSON has displaced it for many APIs, but XML's schema strength and namespace model keep it dominant in enterprise integration.
Validation in this tool is done by the browser's built-in DOMParser API. Calling parser.parseFromString(xml, 'application/xml') runs the same XML 1.0 conformant parser the browser uses for SVG and XHTML; if the input is malformed it returns a document containing a parsererror element instead of throwing. The tool inspects that element and surfaces the message — typically a one-line description of the line and column where the problem occurs.
Beautification is a deliberately small custom function rather than a full parser-driven pretty-printer. It collapses whitespace between tags, splits on tag boundaries, and re-indents based on whether each token is an opening tag, closing tag, self-closing tag, or processing instruction. This keeps the bundle small and works on most well-formed XML. The trade-off is that it does not preserve significant whitespace inside text nodes (xml:space="preserve") and does not normalize attribute order — for that, you would need a real XML library.
The XML-to-JSON converter walks the DOM produced by DOMParser and applies a common heuristic: attributes become @-prefixed keys (@name), text content becomes #text, and repeated child elements become arrays. This is a pragmatic mapping and not the only one — the BadgerFish convention prefixes with $ instead of #, the Parker convention drops attributes entirely, and JSONx uses a verbose envelope. There is no canonical XML-to-JSON because XML carries information (attributes vs elements, ordering, namespaces, comments) that JSON cannot represent without invention.
Two security pitfalls are worth flagging. XML External Entities (XXE) are a class of attack where a malicious XML document declares an external entity (<!ENTITY xxe SYSTEM "file:///etc/passwd">) that a misconfigured parser then fetches and inlines. Modern browsers' DOMParser does not resolve external entities by default, so this tool is safe — but server-side parsers in Java, Python, and PHP often need explicit configuration to disable DTD processing. Second, the billion laughs attack uses recursive entity expansion to balloon a small input into gigabytes; again, browser DOMParser is hardened, but not all libraries are.
When working with namespaced XML (xmlns attributes), keep the prefixes meaningful and consistent. The DOM API exposes namespace URIs separately from local names; the JSON converter here flattens both to a single key, which is fine for round-tripping XML you control but loses information when handling SOAP envelopes or Atom feeds with multiple namespaces. For lossless round-trips, keep the data in DOM form or use a library like xmlbuilder2.
Everything happens in your browser. Input never leaves the page, validation runs through DOMParser locally, and the JSON conversion is a synchronous walk over the parsed DOM tree. Closing the tab discards your input.
Common Use Cases
01
SOAP API debugging
Beautify SOAP envelopes returned by legacy services to make headers, faults, and bodies readable.
02
Build config formatting
Tidy Maven pom.xml, Gradle settings.xml, Android manifests, or Spring application contexts before committing.
03
RSS and Atom inspection
Pretty-print syndication feeds when investigating parser bugs in feed readers and aggregators.
04
SVG formatting
Beautify SVG markup to make it diff-friendly when checking icons and illustrations into version control.
Frequently Asked Questions
Well-formed means it follows the syntax rules: every opening tag has a closing tag, attributes are quoted, special characters are escaped. Valid is stricter — it also conforms to a specific schema (DTD, XSD, or RELAX NG). This tool checks well-formedness via DOMParser, not schema conformance.
Not in this tool. JSON-to-XML requires schema decisions that are not implicit in the JSON structure (which keys are attributes vs elements, how to represent ordered arrays). For programmatic conversion, libraries like xml-js or fast-xml-parser handle the round-trip.
Common causes: an unescaped ampersand or angle bracket inside text (use &amp; or CDATA), a missing closing tag, attribute values without quotes, or mismatched namespaces. The error message from DOMParser usually identifies the line and column.
Attributes become keys prefixed with @, e.g. <book id="5"/> becomes { book: { '@id': '5' } }. This is the most common convention but not universal — BadgerFish uses $ and Parker drops attributes. Pick whichever your downstream consumer expects.
XML External Entities — an attacker declares an entity that references a local file or external URL, then references it in the document. A poorly configured parser will fetch and inline the content, leaking files or causing SSRF. Browser DOMParser does not resolve external entities, so it is safe; server-side parsers often need explicit hardening.
Yes during validation and beautification — DOMParser preserves all xmlns declarations. The JSON converter flattens namespace prefixes into the key, which is fine for one-namespace documents but loses information in multi-namespace XML like SOAP envelopes.
It can format what your browser can hold in memory. Documents up to a few megabytes are fine; tens of megabytes start to feel sluggish; gigabyte-scale logs need streaming tools like xmllint or sax-style parsers, not a synchronous DOM-based formatter.
Minification strips inter-tag whitespace and collapses runs of internal whitespace to single spaces. Beautification re-indents the tree for readability. Use minify for transport and storage, beautify for editing and review.
DOMParser supports the subset of XML that browsers historically render, which is XML 1.0 with namespace support. XML 1.1's expanded character set is rarely needed and not universally supported across browsers.
No. All four operations (beautify, minify, validate, convert) run client-side, with no upload. Nothing is sent to a server, logged, or persisted.
Step-by-step guide
How to format & validate XML online
Walk through every step with screenshots, format-specific tips, and the platform-by-platform limits you need to know.
Advertisement
What's next?