What's the difference between valid and well-formed XML?

Well-formed means the structure is correct (proper tags, nesting). Valid means it also conforms to a specific schema (DTD/XSD). This tool checks well-formedness.

Can it convert JSON to XML?

Not yet — the current converter handles XML to JSON. JSON to XML conversion requires additional schema decisions.

No. All processing runs in your browser using the built-in DOMParser API.

XML Formatter

Processed locally

Beautify, validate, and minify XML. Convert XML to JSON. All processing is local — your data never leaves the browser.

Input XML

Output XML

Runs entirely in your browser — nothing is uploaded

Runs in your browser

Next steps

JSON Formatter

Recommended

Instantly format, validate, or minify JSON — spot errors in seconds.

YAML Formatter

Recommended

Format, validate, and convert YAML — with JSON ↔ YAML conversion.

CSV Viewer & Converter

View CSV as a table, convert CSV↔JSON, and filter rows.

HTML Encoder / Decoder

Encode HTML special characters to entities and decode them back.

View all tools →

Runs entirely in your browser. No uploads. Your files stay private.

What Is an XML Formatter?

XML (eXtensible Markup Language) is the W3C-standardized text format for hierarchical data: a tree of elements, attributes, and text nodes serialized with angle-bracketed tags. It still powers SOAP web services, RSS and Atom feeds, SVG, Office Open XML (.docx, .xlsx), Android manifests, Maven pom.xml, Spring application context files, and SAML assertions. JSON has displaced it for many APIs, but XML's schema strength and namespace model keep it dominant in enterprise integration.

Validation in this tool is done by the browser's built-in DOMParser API. Calling parser.parseFromString(xml, 'application/xml') runs the same XML 1.0 conformant parser the browser uses for SVG and XHTML; if the input is malformed it returns a document containing a parsererror element instead of throwing. The tool inspects that element and surfaces the message — typically a one-line description of the line and column where the problem occurs.

Beautification is a deliberately small custom function rather than a full parser-driven pretty-printer. It collapses whitespace between tags, splits on tag boundaries, and re-indents based on whether each token is an opening tag, closing tag, self-closing tag, or processing instruction. This keeps the bundle small and works on most well-formed XML. The trade-off is that it does not preserve significant whitespace inside text nodes (xml:space="preserve") and does not normalize attribute order — for that, you would need a real XML library.

The XML-to-JSON converter walks the DOM produced by DOMParser and applies a common heuristic: attributes become @-prefixed keys (@name), text content becomes #text, and repeated child elements become arrays. This is a pragmatic mapping and not the only one — the BadgerFish convention prefixes with $ instead of #, the Parker convention drops attributes entirely, and JSONx uses a verbose envelope. There is no canonical XML-to-JSON because XML carries information (attributes vs elements, ordering, namespaces, comments) that JSON cannot represent without invention.

Two security pitfalls are worth flagging. XML External Entities (XXE) are a class of attack where a malicious XML document declares an external entity (<!ENTITY xxe SYSTEM "file:///etc/passwd">) that a misconfigured parser then fetches and inlines. Modern browsers' DOMParser does not resolve external entities by default, so this tool is safe — but server-side parsers in Java, Python, and PHP often need explicit configuration to disable DTD processing. Second, the billion laughs attack uses recursive entity expansion to balloon a small input into gigabytes; again, browser DOMParser is hardened, but not all libraries are.

When working with namespaced XML (xmlns attributes), keep the prefixes meaningful and consistent. The DOM API exposes namespace URIs separately from local names; the JSON converter here flattens both to a single key, which is fine for round-tripping XML you control but loses information when handling SOAP envelopes or Atom feeds with multiple namespaces. For lossless round-trips, keep the data in DOM form or use a library like xmlbuilder2.

Everything happens in your browser. Input never leaves the page, validation runs through DOMParser locally, and the JSON conversion is a synchronous walk over the parsed DOM tree. Closing the tab discards your input.

Common Use Cases

SOAP API debugging

Beautify SOAP envelopes returned by legacy services to make headers, faults, and bodies readable.

Build config formatting

Tidy Maven pom.xml, Gradle settings.xml, Android manifests, or Spring application contexts before committing.

RSS and Atom inspection

Pretty-print syndication feeds when investigating parser bugs in feed readers and aggregators.

SVG formatting

Beautify SVG markup to make it diff-friendly when checking icons and illustrations into version control.

Frequently Asked Questions

Well-formed means it follows the syntax rules: every opening tag has a closing tag, attributes are quoted, special characters are escaped. Valid is stricter — it also conforms to a specific schema (DTD, XSD, or RELAX NG). This tool checks well-formedness via DOMParser, not schema conformance.

Not in this tool. JSON-to-XML requires schema decisions that are not implicit in the JSON structure (which keys are attributes vs elements, how to represent ordered arrays). For programmatic conversion, libraries like xml-js or fast-xml-parser handle the round-trip.

Common causes: an unescaped ampersand or angle bracket inside text (use &amp; or CDATA), a missing closing tag, attribute values without quotes, or mismatched namespaces. The error message from DOMParser usually identifies the line and column.

Attributes become keys prefixed with @, e.g. <book id="5"/> becomes { book: { '@id': '5' } }. This is the most common convention but not universal — BadgerFish uses $ and Parker drops attributes. Pick whichever your downstream consumer expects.

XML External Entities — an attacker declares an entity that references a local file or external URL, then references it in the document. A poorly configured parser will fetch and inline the content, leaking files or causing SSRF. Browser DOMParser does not resolve external entities, so it is safe; server-side parsers often need explicit hardening.

Yes during validation and beautification — DOMParser preserves all xmlns declarations. The JSON converter flattens namespace prefixes into the key, which is fine for one-namespace documents but loses information in multi-namespace XML like SOAP envelopes.

It can format what your browser can hold in memory. Documents up to a few megabytes are fine; tens of megabytes start to feel sluggish; gigabyte-scale logs need streaming tools like xmllint or sax-style parsers, not a synchronous DOM-based formatter.

Minification strips inter-tag whitespace and collapses runs of internal whitespace to single spaces. Beautification re-indents the tree for readability. Use minify for transport and storage, beautify for editing and review.

DOMParser supports the subset of XML that browsers historically render, which is XML 1.0 with namespace support. XML 1.1's expanded character set is rarely needed and not universally supported across browsers.

No. All four operations (beautify, minify, validate, convert) run entirely in your browser. Nothing is sent to a server, logged, or persisted.

Step-by-step guide

How to format & validate XML online

Walk through every step with screenshots, format-specific tips, and the platform-by-platform limits you need to know.