Escape and Unescape JavaScript Strings

Escape special characters for safe embedding in code, JSON, or URLs. Unescape encoded strings back to their original readable form.

Escape and Unescape JavaScript Strings

Escape special characters for safe embedding in code, JSON, HTML, or URLs.

Input

Context:

Escaped Output

Output will appear here

How the String Escape & Unescape Tool Works

Enter your string and select the context: JavaScript, JSON, HTML, or URL. Each context has different special characters that need escaping. Click Escape to encode or Unescape to decode.

JavaScript escaping handles quotes, newlines, and backslashes. JSON wrapping adds quotes and escapes appropriately. HTML converts special characters to entities. URL encoding handles spaces and special chars.

Results appear instantly with copy functionality. The tool handles Unicode characters correctly. All processing happens locally in your browser.

When You'd Actually Use This

Embedding strings in code

User input contains quotes or backslashes. Escape before embedding in JavaScript strings. Prevent syntax errors in generated code.

Creating JSON payloads

String values need proper JSON escaping. Wrap and escape in one step. Ensure valid JSON for API requests.

Preventing XSS attacks

Escape user input before displaying in HTML. Converts <script> to safe entities. Essential security practice.

Building URL query strings

Spaces and special chars break URLs. URL encode parameter values. Ensure valid, working links.

Debugging encoded data

Received escaped strings in logs or APIs. Unescape to see actual content. Understand what data really contains.

Generating template literals

Create JavaScript template strings dynamically. Escape backticks and dollar signs. Prevent template injection issues.

What to Know Before Using

Different contexts need different escaping.HTML escaping won't protect in JavaScript context. URL encoding is different from HTML entities. Match the escape to the context.

Double-escaping causes problems.Escaping already-escaped text breaks it. & becomes & when unescaped, not &. Track what's already escaped.

HTML escaping isn't enough for JavaScript.Even HTML-escaped content can be dangerous in script contexts. Use context-appropriate escaping for each situation.

URL encoding uses percent notation.Spaces become %20, ampersands become %26. Different from HTML entities (&). Don't mix the formats.

Security note: For production, use established libraries (DOMPurify for HTML, proper templating for JS). This tool is for quick tasks and understanding escaping concepts.

Common Questions

What characters does JavaScript escape?

Backslash, single/double quotes, newline, carriage return, tab, and other control characters. Each gets a backslash escape sequence.

How is JSON escaping different?

JSON requires double quotes for strings. The tool wraps your input in quotes and escapes internal quotes. Ready for JSON.stringify output.

What are HTML entities?

Special character codes like < for <, & for &. Browsers render entities as characters, not HTML.

When should I use URL encoding?

For query parameters and URL path segments. Any user input going into a URL needs encoding. Prevents broken links and injection.

Does it handle Unicode?

Yes, Unicode characters are preserved. Some may be escaped depending on context. Non-ASCII chars work correctly.

Can I escape entire files?

Paste file contents directly. Large files work but may be slow. For batch processing, use command-line tools.

What's the difference between encodeURI and encodeURIComponent?

encodeURIComponent escapes more characters. Use it for query parameter values. encodeURI is for complete URLs. This tool uses encodeURIComponent.

Other Free Tools

Search tools

Escape and Unescape JavaScript Strings