Escape & unescape strings for JSON, JS, Java, C, SQL, Shell, HTML, CSV & regex — both directions — browser-only
- Runs locally
- Category Developer & DevOps
- Best for Formatting, validating, shrinking, or inspecting code-adjacent text.
Escapes \n \t \" \\ and control chars as \uXXXX. No surrounding quotes added.
What this tool does
A free, client-side string escaping tool for nine target languages at once. Pick JSON, JavaScript, Java, C/C++, SQL (single-quote), POSIX Shell, HTML entities, CSV (RFC 4180) or regex, paste your text, and get the correctly escaped form — or flip the switch and unescape a pasted literal back to plain text. Each target follows the real rules of that language, not a one-size-fits-all backslash pass.
JSON output escapes the four required characters and turns control bytes into the canonical \uXXXX form, so it pastes straight into a request body without breaking the parser. JavaScript adds the vertical-tab and backtick cases you need for template literals. Java escapes every non-ASCII code point as \uXXXX, the form javac actually wants in source. C uses \xHH hex escapes plus \a and \?. SQL doubles single quotes the ANSI way. Shell wraps the whole string in single quotes and rewrites inner quotes as the classic single-quote splice, so the result survives a copy-paste into bash. HTML, CSV and regex each follow their own spec.
Everything runs in your browser tab. Your input — which is often a stack trace, a customer record, or a chunk of someone's source — never leaves the page. The shareable URL carries the input and target so a teammate opens the same view, and your last-used language is remembered locally.
Tool details
- Input
- Text + Numbers
- The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
- Output
- Live result + Copy
- The result area focuses on usable output, with copy, download, or preview actions when supported.
- Privacy
- Browser-side processing
- The main tool logic does not call an external API, so inputs normally stay in the current tab.
- Save / share
- Shareable URL state
- Key settings are encoded in the URL so another person can reopen the same setup.
- Performance budget
- Initial JS <= 9 KB
- No WASM budget is declared, keeping the tool quick to open on mobile.
- Best fit
- Developer & DevOps · Developer
- Category and role tags drive related tools, internal links, and quick fit checks.
How to use
-
1. Input
Paste or drop your content into the tool panel.
-
2. Process
Click the button. All processing is local in your browser.
-
3. Copy / Download
Copy the result or download to disk in one click.
How String Escape / Unescape fits into your work
Use it in the small gaps between coding, reviewing, debugging, and shipping.
Developer jobs
- Formatting, validating, shrinking, or inspecting code-adjacent text.
- Preparing snippets for documentation, tickets, commits, or handoff.
- Checking a small payload quickly without switching tools.
Developer checks
- Run irreversible transforms like minify or obfuscate on a copy.
- Keep secrets out of pasted snippets unless the tool explicitly stays local.
- Use your normal tests or linter before shipping transformed code.
Good next steps
These links move the current task into a more complete workflow.
- 1 HTML Entities Encoder Encode/decode HTML entities — & < > " ' and all numeric refs — browser-only Open
- 2 URL Encoder / Decoder Encode and decode URL-unsafe characters — query strings, path segments, full URLs — instant, browser-only Open
- 3 JSON Formatter & Validator Format, validate, and minify JSON instantly — right in your browser. Open
Real-world use cases
Paste a multi-line log message into a JSON request body
You are hand-building a curl request and need to drop a three-line error message into a JSON field. Pasting it raw breaks the JSON because of the newlines and the embedded double quotes. Select JSON, paste the log, copy the output — newlines become \n, quotes become \", and any stray control byte becomes \uXXXX. Drop the result between your own quotes in the request body and the API parses it on the first try instead of returning a 400 you have to debug.
Build a one-off SQL literal for a data fix
A support ticket needs you to update one row where the customer's name is O'Brien. Typing it straight into a console query closes the string early and throws a syntax error. Select SQL, paste O'Brien, copy O''Brien, and paste that between your quotes. For the one-off console fix this is exactly right — for anything that touches user input, the FAQ reminds you to switch to a parameterized query instead.
Pass a filename with spaces and quotes safely to bash
You scripted a command that operates on a path like /tmp/a b's file, and bash keeps splitting it on the space and choking on the apostrophe. Select Shell, paste the path, and the tool wraps it in single quotes and rewrites the apostrophe as the '\'' splice. Paste the result into your script and bash treats the whole thing as one literal argument, no word-splitting, no glob surprises.
Read a stack trace someone escaped before sending it
A teammate pasted a Java exception into Slack but their client escaped it, so it arrived as one line full of \n and \uXXXX. Switch to Unescape, pick Java, paste the blob, and read the real multi-line trace with the Unicode restored. Pair it with the unicode-character-inspector when a single glyph in the message looks suspicious.
Quote a CSV cell that contains a comma
You are assembling a CSV by hand and one cell is a full address with commas inside it. Dropping it in raw shifts every following column. Select CSV, paste the address, and the tool wraps it in double quotes and doubles any inner quote per RFC 4180, so the cell stays one field when the spreadsheet imports it.
Common pitfalls
Escaping a JSON string twice. If you run already-escaped text through JSON escape again, every backslash doubles and \n becomes \\n — the parser then gives you a literal backslash-n instead of a newline. Escape once, at the moment you build the literal; if you are not sure, use Unescape first to get back to plain text, then escape.
Treating SQL escaping as injection protection. Doubling single quotes makes a literal valid, it does not make untrusted input safe. Numeric contexts, identifiers and charset tricks slip past it. For anything touching user input, use parameterized queries — see the FAQ.
Using backslash escaping for shell when single-quote wrapping is what you want. Backslash-escaping a string for bash is fragile across shells and breaks on glob characters and substitutions. The single-quote wrap this tool produces is literal end to end, which is almost always what you actually need.
Privacy
Every escaper and unescaper is plain JavaScript that runs in your browser tab — JSON, JS, Java, C, SQL, Shell, HTML, CSV and regex. Your input never touches a server, nothing is logged, and there is no analytics on what you converted. The one caveat: the shareable URL encodes your current input and target language in the query string, so if you paste a "share link" into Slack or email, the destination server's access log will record that text. For a public snippet that is fine; for a production stack trace, a customer record, or anything sensitive, copy the output manually instead of sharing the URL.
FAQ
Tool combos
Folks in your role tend to reach for these alongside this tool.
- Add Line Numbers Number every line of pasted text — set start, step and separator, zero-pad to align, skip blanks, or strip numbers back off — browser-only
- AES Text Encryptor Encrypt & decrypt text with a password — AES-256-GCM + PBKDF2 via WebCrypto — 100% in your browser, nothing uploaded
- Age Difference Calculator The exact gap between two birthdays — years/months/days, percentage, and the date one person is twice the other's age — browser-only
- AI Model Comparison AI model comparison — 20+ models (GPT / Claude / Gemini / Llama / Qwen) across price, context, speed, capabilities (2026).