You must use use the escaped version. For example <
becomes <
(no quotes) and &
becomes &
.
You should be able to find a full list of transformations.
An example snippet:
<a href="http://google.com">Google</a>
is the escaped version of:
<a href="http://google.com">Google</a>
Edit:
The standard’s list of entities: http://www.w3.org/TR/html4/sgml/entities.html
A Wikipedia artcile on it: http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references