JSON String Escaping Rules and Edge Cases

Q: JSON String Escaping Rules and Edge Cases

## JSON String Escaping JSON (RFC 8259) has strict and limited escaping rules. Unlike most programming languages, JSON only allows a specific set of escape sequences — anything else is a parse error. Understanding these rules prevents silent data corruption and parsing failures. ### Required Escape Sequences JSON mandates escaping these characters inside strings: \\" → double quote (U+0022) \\\\ → backslash (U+005C) \\/ → forward slash (U+002F) — optional but allowed \\b → b

Complete guide to JSON string escaping as defined by RFC 8259. Covers the required escape sequences, Unicode encoding, control character handling, and common pitfalls when constructing JSON strings manually.

Data Formats

Detailed Explanation

JSON String Escaping

JSON (RFC 8259) has strict and limited escaping rules. Unlike most programming languages, JSON only allows a specific set of escape sequences — anything else is a parse error. Understanding these rules prevents silent data corruption and parsing failures.

Required Escape Sequences

JSON mandates escaping these characters inside strings:

\\"     → double quote (U+0022)
\\\\     → backslash (U+005C)
\\/     → forward slash (U+002F) — optional but allowed
\\b     → backspace (U+0008)
\\f     → form feed (U+000C)
\\n     → newline / line feed (U+000A)
\\r     → carriage return (U+000D)
\\t     → tab (U+0009)
\\uXXXX → any Unicode character (exactly 4 hex digits)

What JSON Does NOT Support

Single quotes: JSON strings must use double quotes. 'hello' is invalid JSON.
Hex escapes: \\xHH is not valid in JSON. Use \\u00HH instead.
Octal escapes: \\0, \\377 are not valid.
Named escapes: \\a (alert), \\v (vertical tab) are not valid.
Raw control characters: Characters U+0000 through U+001F must be escaped as \\uXXXX.

Unicode Surrogate Pairs

Characters outside the Basic Multilingual Plane (above U+FFFF) must be encoded as a surrogate pair:

"\\uD83D\\uDE00"

This represents the grinning face emoji (U+1F600). The high surrogate (\\uD83D) and low surrogate (\\uDE00) together identify the code point.

Forward Slash Escaping

Escaping / as \\/ is valid but not required. It exists as a convenience for embedding JSON in HTML <script> tags, where </script> would prematurely close the tag:

{"html": "<\\/script>"}

Manual Construction Pitfalls

Building JSON strings by hand or with string concatenation is error-prone. Always use a proper JSON serializer (JSON.stringify(), json.dumps(), Jackson, etc.):

// Wrong — breaks on newlines, quotes, backslashes
const json = '{"msg": "' + userInput + '"}';

// Correct — handles all escaping automatically
const json = JSON.stringify({ msg: userInput });

Pretty-Printing and Minification

Whitespace between JSON tokens (outside strings) is insignificant. Minification removes it; pretty-printing adds it. Neither affects the escape sequences inside string values.

Use Case

JSON escaping knowledge is essential for API development, configuration file management, data serialization, log file parsing, constructing JSON payloads in shell scripts, debugging API responses with unexpected characters, building JSON templates, and handling international text in JSON-based storage systems.

Try It — String Escape/Unescape

Open full tool →