We can use the SecurityElement.Escape method to replace the invalid XML characters in a string with their valid XML equivalent [1].

Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)

I have used the HttpUtility classes UrlEncode and UrlDecode methods to handle cross-site scripting attacks and this also helped me to get rid of the XmlException – “Data at the root level is invalid”.

tagText = SecurityElement.Escape(tagText);