Basic entity escaping—attribute contexts may need extra rules.
A literal escape for HTML/XML text contexts: & < > " ' → named/decimal entities. It does not add newlines or escape every Unicode character; for production sanitization use vetted libraries and context-appropriate rules.
This calculator uses plain decimal numbers. If a result looks wrong, check whether you used a comma instead of a dot (or vice versa) where the field expects one.