String Escaper & Unescaper
Escape and unescape strings for JavaScript, JSON, HTML, and URL formats. Private, fast, and free.
Four formats
Switch between JavaScript, JSON, HTML entity, and URL percent-encoding modes instantly.
Real-time conversion
See escaped or unescaped output as you type. No buttons to press, no delays.
Private by design
All transformations run locally in your browser. Nothing is uploaded or stored.
Why escape strings?
Every programming language, markup format, and transport protocol defines certain characters as special. When you want to include those characters literally — for example a double quote inside a JSON string, or an ampersand inside HTML — you must encode them so the parser does not misinterpret them as syntax. Escaping is the process of replacing a special character with a safe substitute sequence.
Escape reference
| Character | JavaScript | JSON | HTML | URL |
|---|---|---|---|---|
| Newline | \n | \n | — | %0A |
| Tab | \t | \t | — | %09 |
| " | \" | \" | " | %22 |
| & | & | & | & | %26 |
| < | < | < | < | %3C |
| > | > | > | > | %3E |
| Space | %20 |
Common use cases
- Debugging APIs — paste a raw JSON response and unescape it to read embedded error messages or stack traces.
- Embedding snippets — escape a code block so it can be placed inside a JSON configuration file or a JavaScript template literal.
- Sanitizing HTML — escape user input before rendering it on a page to prevent XSS attacks.
- Building URLs — encode query parameters and path segments so special characters do not break the URL structure.
- Writing tests — generate the exact escaped string your code should produce for a given input.
Frequently asked questions
›What is a string escaper?
A string escaper converts special characters in plain text into their safe, encoded equivalents so the text can be safely embedded inside another format — for example inside a JavaScript string literal, a JSON value, an HTML document, or a URL. An unescaper does the reverse, turning encoded sequences back into the original characters.
›How does JavaScript escaping work?
JavaScript escaping replaces characters that would break a string literal with backslash sequences. Newlines become \n, tabs become \t, double quotes become \", backslashes become \\, and so on. This lets you safely embed multi-line text or quotes inside a JS string without syntax errors.
›What is the difference between JSON escaping and JavaScript escaping?
JSON is stricter than JavaScript. JSON only allows \n, \r, \t, \\\\, \\", and \uXXXX Unicode escapes. JavaScript also supports \xHH hex escapes, \b (backspace), \f (form feed), and single-quote escapes. If you are producing data for a JSON API, use the JSON mode to stay strictly compliant.
›When should I escape HTML?
Escape HTML whenever you are inserting user-generated or dynamic text into a web page. Converting < to <, > to >, and & to & prevents the browser from interpreting the text as markup. This is the most basic defense against cross-site scripting (XSS) when rendering untrusted content.
›Is this tool safe for sensitive data?
Yes. All escaping and unescaping happens entirely in your browser using native JavaScript functions. Your text is never uploaded to a server, logged, or stored. It is safe to escape private keys, API tokens, or personal data.
›What does URL escaping (percent-encoding) do?
URL escaping converts characters that are not allowed in a URL into a percent sign followed by two hex digits (%20 for space, %3C for <, etc.). The URL mode uses encodeURIComponent, which safely handles query parameters, path segments, and fragment identifiers in modern web applications.
›Why is my unescaped output still showing escape sequences?
If unescaping does not seem to work, check that the input actually uses the correct backslash syntax for the selected format. For example, a string with \\n (two backslashes and n) will unescape to \n (one backslash and n), not a newline. Make sure the input matches the format you selected.
›Can I escape or unescape very large strings?
Yes, within the limits of your browser's memory. The tool processes the entire input in a single synchronous pass, so multi-megabyte strings are fine on a modern device. Extremely large inputs (tens of megabytes) may briefly freeze the tab — for those cases a command-line tool is more appropriate.
›What formats does this tool support?
The tool supports four common formats: JavaScript string literals, JSON string values, HTML entities, and URL percent-encoding. You can switch between formats and between escape / unescape modes instantly without reloading the page.
More free developer tools
Part of our growing tool belt — all client-side, all free.