Escape Characters in JSON Strings

JSON strings must be enclosed in double quotes and support a specific set of escape sequences for representing special characters. Understanding these sequences is essential for correctly encoding data that contains characters which would otherwise break the JSON syntax.

The complete set of JSON escape sequences:

• \" — Double quote (required when a quote appears inside a string)
• \\ — Backslash (the escape character itself must be escaped)
• \/ — Forward slash (optional but sometimes used)
• \b — Backspace (U+0008)
• \f — Form feed (U+000C)
• \n — Newline / line feed (U+000A)
• \r — Carriage return (U+000D)
• \t — Horizontal tab (U+0009)
• \uXXXX — Unicode escape (any character by its 4-digit hex code point)

Why escaping matters:

JSON strings cannot contain literal control characters (code points U+0000 through U+001F). A literal newline character inside a JSON string makes the document invalid. You must use \n instead. Similarly, a literal tab must be written as \t. Double quotes within strings must be escaped as \" to avoid prematurely terminating the string.

Unicode escaping:

Any Unicode character can be represented using the \uXXXX syntax, where XXXX is the hexadecimal code point. For example, \u00E9 represents the character "e" with an acute accent. Characters outside the Basic Multilingual Plane (code points above U+FFFF) require a surrogate pair: two \u sequences. For example, the emoji U+1F600 is encoded as \uD83D\uDE00.

Common mistakes developers make:

The most prevalent mistake is forgetting to escape backslashes in Windows file paths. The path C:\new\temp in a JSON string must be written as "C:\\new\\temp", or else \n and \t will be interpreted as a newline and a tab. Another frequent error is manually constructing JSON strings with string concatenation and forgetting to escape user-provided data, which can lead to parse errors or injection vulnerabilities. Developers also sometimes use single-character escapes like \a or \v that are valid in some programming languages but are not valid JSON escape sequences.

Best practices:

Never construct JSON strings by hand or with string concatenation. Always use your language's built-in JSON serializer (JSON.stringify() in JavaScript, json.dumps() in Python, encoding/json in Go), which handles all escaping automatically. When debugging escape issues, paste the raw JSON into a validator to see exactly where the syntax breaks. For embedding multi-line text, use \n within a single string rather than trying to split across literal lines.