OK, I think there's a general misunderstanding of how XML works.
You must not
escape "<" and ">" if they belong to the XML markup. This breaks the whole document, because now you've got syntax spaghetti instead of XML. Tags like "<ID>" must stay like they are, you need to write them down literally.
What you do have to escape is the data
of the XML document. If you wanna put some piece of text into an XML element, then you need to escape it first.
See the difference? On one hand, there's the XML markup
, which describes the structure of the document. On the other hand, there's the data
. It's any custom text you put into your document. Since the XML parser must be able to distinguish between, say, "<ID>" in the sense of an XML tag and "<ID>" in the sense of text, you need to escape the latter. You must not escape the former.
The transmission process works like this:
You transmit a valid XML document to the server. It must adhere to the syntax rules of XML, and all data has to be escaped.
Your example above would look like this:
On the server, you parse this very document with the markup and all entities intact. During parsing, the markup is transformed into an abstract tree structure, and the entities get replaced with the corresponding characters.