diff --git a/AUTHORS.md b/AUTHORS.md
index be500fae..28c69cbd 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -42,3 +42,4 @@ Moto is written by Steve Pulec with contributions from:
 * [Pior Bastida](https://github.com/pior)
 * [Dustin J. Mitchell](https://github.com/djmitche)
 * [Jean-Baptiste Barth](https://github.com/jbbarth)
+* [Tom Viner](https://github.com/tomviner)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2cdc8b56..0cddbe64 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ Moto Changelog
 Latest
 ------
 
+    * Turn on variable escaping in templates for S3 XML documents
+
 0.4.30
 ------
 
diff --git a/moto/s3/responses.py b/moto/s3/responses.py
index b441b9ac..5ae776e6 100644
--- a/moto/s3/responses.py
+++ b/moto/s3/responses.py
@@ -38,6 +38,10 @@ class ResponseObject(_TemplateEnvironmentMixin):
         super(ResponseObject, self).__init__()
         self.backend = backend
 
+    @property
+    def should_autoescape(self):
+        return True
+
     def all_buckets(self):
         # No bucket specified. Listing all buckets
         all_buckets = self.backend.get_all_buckets()
diff --git a/tests/test_s3/test_s3.py b/tests/test_s3/test_s3.py
index 9a518107..0d8f7cb4 100644
--- a/tests/test_s3/test_s3.py
+++ b/tests/test_s3/test_s3.py
@@ -989,6 +989,14 @@ def test_boto3_key_etag():
     resp = s3.get_object(Bucket='mybucket', Key='steve')
     resp['ETag'].should.equal('"d32bda93738f7e03adb22e66c90fbc04"')
 
+@mock_s3
+def test_boto3_list_keys_xml_escaped():
+    s3 = boto3.client('s3', region_name='us-east-1')
+    s3.create_bucket(Bucket='mybucket')
+    key_name = 'Q&A.txt'
+    s3.put_object(Bucket='mybucket', Key=key_name, Body=b'is awesome')
+    resp = s3.list_objects_v2(Bucket='mybucket', Prefix=key_name)
+    assert resp['Contents'][0]['Key'] == key_name
 
 @mock_s3
 def test_boto3_bucket_create():