Just a quick tip. When escaping xml I’ve used a few methods over the years depending on the application including basic string manipulation and the HtmlEncode and HtmlDecode functionality of System.Web. A while ago I stumbled over the below method.
string output = System.Security.SecurityElement.Escape(input);
See more detail here.