The only escaping that needs to take place are the ones that have to do with being able to discern between xml tags and data that contains stuff that looks like xml tags (centering mostly over the < character).

As far as restrictions on the format of the content, that depends on the DTD and or Schema files used to define the document format. DTDs have very limited capability to restrict the data, while Schema comes at the cost of some complexity.