Escaping a string means replacing characters that would break a JSON string — like ", \, and newlines — with backslash escape sequences (\", \\, \n). This lets arbitrary text live safely inside the double quotes of a JSON value. Unescaping reverses it. Everything runs in your browser — nothing is sent to a server.
When do you need to escape a string?
- Embedding JSON inside JSON — storing a JSON payload as a string value in another JSON document.
- Putting code or SQL in a JSON field — a query with quotes and newlines must be escaped to stay valid.
- Log lines and error messages — multi-line text needs
\nto fit on one JSON string. - Hardcoding a string literal — pasting text that contains quotes into source code.
JSON escape sequences
| Character | Escaped as | Meaning |
|---|---|---|
" | \" | Double quote (mandatory) |
\ | \\ | Backslash (mandatory) |
| newline | \n | Line feed (U+000A) |
| carriage return | \r | U+000D |
| tab | \t | Horizontal tab (U+0009) |
| backspace | \b | U+0008 |
| form feed | \f | U+000C |
/ | \/ | Forward slash (optional) |
| control char | \uXXXX | Any other control character |
Example
The raw text He said "hi" followed by a newline becomes He said \"hi\"\n after escaping — ready to paste between the quotes of a JSON string. Unescaping turns it back into the original text with a real line break.
String escaping vs URL encoding
String escaping uses backslash sequences so text fits inside a JSON string. URL encoding replaces characters with %XX hex codes so text fits inside a URL. They solve the same problem for different formats — for URLs, use the URL Encoder instead. Working with Base64? See the Base64 Encoder & Decoder. For a deeper dive, read the complete guide to JSON string escaping.
Frequently Asked Questions
What does it mean to escape a string in JSON?
Escaping a string means replacing characters that would break a JSON string literal with backslash escape sequences. For example, a double quote becomes \", a backslash becomes \\, and a newline becomes \n. This lets you safely place arbitrary text inside the double quotes of a JSON string value.
What is the difference between escape and unescape?
Escape converts raw text into a JSON-safe form by adding backslash sequences, so you can paste it between quotes in a JSON document. Unescape does the reverse: it takes an already-escaped string and turns the escape sequences back into the original characters.
Which characters must be escaped in a JSON string?
Per RFC 8259, the double quote ("), the backslash (\), and all control characters (U+0000 to U+001F, such as newline, tab, and carriage return) must be escaped inside a JSON string. All other characters, including the forward slash, may appear unescaped.
Does the forward slash need to be escaped in JSON?
No. The forward slash (/) does not need to be escaped in JSON — \/ is allowed but optional. It is sometimes escaped to avoid the closing-script sequence </script> when JSON is embedded in HTML, but plain / is perfectly valid JSON.
How is string escaping different from URL encoding?
JSON string escaping uses backslash sequences (\", \n, \uXXXX) so text fits inside a JSON string. URL encoding (percent-encoding) replaces unsafe characters with %XX hex codes so text fits inside a URL. They solve the same problem for different formats and are not interchangeable.
Is my text sent to a server?
No. Escaping and unescaping happen entirely in your browser using JavaScript (JSON.stringify and JSON.parse). Your text is never uploaded, which makes this safe for tokens, code, and other sensitive content.
Last updated: May 2026