It never occured to me before today but

str.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;");

is good enough for quick and dirty escaping of XML text.

And escaping it manually to write it here is also fun ;-)