DevToolbox

String Escape/Unescape

Escape and unescape strings for JSON, JavaScript, HTML, URL, SQL, and CSV formats.

About This Tool

The String Escape/Unescape tool is a free browser-based utility that converts raw strings into safely escaped representations and vice versa. It supports six of the most common formats developers encounter daily: JSON, JavaScript, HTML, URL, SQL, and CSV.

String escaping is a fundamental operation in software development. When you embed user-supplied text inside a JSON payload, an HTML page, a SQL query, or a URL, certain characters carry special meaning and must be escaped to prevent syntax errors, rendering bugs, or security vulnerabilities such as cross-site scripting (XSS) and SQL injection. This tool handles all those transformations instantly as you type.

Every conversion runs entirely in your browser using native JavaScript APIs and pure string manipulation. No data is transmitted to any server, no cookies are set, and no input is logged. This makes the tool safe for sensitive content like API keys, database connection strings, and authentication tokens.

The JSON mode escapes double quotes, backslashes, forward slashes, and control characters (\b, \f, \n, \r, \t) as well as non-printable Unicode characters into \uXXXX notation. The JavaScript mode extends this to also handle single quotes and backticks. HTML mode converts angle brackets, ampersands, and quote characters into their entity equivalents (<, &, etc.). URL mode leverages encodeURIComponent for percent-encoding. SQL mode doubles single quotes and applies backslash escapes, while CSV mode wraps fields in double quotes when they contain commas, newlines, or quote characters.

The Swap button lets you quickly move the output back into the input field, which is useful when you need to chain conversions or verify round-trip fidelity. If the input contains a malformed escape sequence, a clear error message is shown so you can locate and fix the problem.

How to Use

  1. Select the Escape or Unescape mode using the toggle at the top.
  2. Choose the target format: JSON, JavaScript, HTML, URL, SQL, or CSV.
  3. Paste or type your string into the Input textarea on the left.
  4. The escaped (or unescaped) result appears instantly in the read-only Output panel on the right.
  5. Click Copy to copy the output to your clipboard, or use the keyboard shortcut Ctrl+Shift+C.
  6. Use the Swap button to move the output back into the input field for chaining or verification.
  7. Click Clear to reset both fields and start over.

Popular String Escape Examples

View all string escape examples →

FAQ

Is my data safe when using this tool?

Yes. All escaping and unescaping is performed entirely in your browser using client-side JavaScript. No data is sent to any server, and nothing is stored or logged. It is safe to use with sensitive strings such as API keys or passwords.

What is the difference between JSON and JavaScript escaping?

JSON escaping handles double quotes, backslashes, forward slashes, and control characters (\\n, \\r, \\t, etc.) plus Unicode escapes (\\uXXXX). JavaScript escaping includes all of that and also escapes single quotes and backticks, which are significant in JS string literals and template literals.

How does HTML escaping help prevent XSS attacks?

HTML escaping converts characters like <, >, &, ", and ' into their HTML entity equivalents. This prevents the browser from interpreting user-supplied text as HTML or JavaScript, which is the primary vector for cross-site scripting (XSS) vulnerabilities.

What does the Swap button do?

The Swap button copies the current output into the input field. This is useful when you want to verify that an escape followed by an unescape returns the original string (round-trip check), or when you need to apply a second transformation to the result.

What happens if the input contains invalid escape sequences?

When unescaping, if the input contains malformed sequences (for example, an incomplete \\u escape in JSON mode or an invalid percent-encoded sequence in URL mode), a descriptive error message is displayed below the toolbar so you can identify and correct the problem.

Related Tools

URL Encode/Decode

Encode and decode URLs, parse query parameters, and build query strings.

HTML Entity Encode/Decode

Encode and decode HTML entities, named characters, and Unicode escape sequences.

Base64 Encode/Decode

Encode and decode Base64 strings and files with drag-and-drop support.

JSON Formatter

Format, validate, and beautify JSON with syntax highlighting and tree view.

Unicode Inspector

Inspect Unicode characters with code point, UTF-8/UTF-16 encoding, character name, category, and block details.

Diff Patch Applier

Apply unified diff patches to text, reverse-apply patches, review hunks, and generate diffs between two texts.

Whitespace Visualizer

Visualize invisible characters like spaces, tabs, newlines, zero-width spaces, and BOM. Detect line endings and clean hidden characters.

String Length Calculator

Calculate string length in characters, code points, grapheme clusters, and byte sizes for UTF-8, UTF-16, and UTF-32.

Unicode Normalizer

Normalize Unicode text to NFC, NFD, NFKC, or NFKD forms. Compare forms side by side with character-level breakdowns.

ICU Message Format Tester

Test and preview ICU MessageFormat patterns with live variable substitution, plural, select, number, and date formatting.

ROT13 / Caesar Cipher

Encode and decode text using ROT13 or custom Caesar cipher rotation.

NATO Phonetic Alphabet

Convert text to NATO phonetic alphabet representation and vice versa.

Reverse Text

Reverse text by characters, words, or lines with multiple transformation modes.