String Escape / Unescape
Escape and unescape strings for HTML, JSON, URL, and regex
Enter text above to escape it
Converts special characters for safe use in HTML, JSON, URLs, or regex patterns. All processing happens locally in your browser.
About String Escape
Escape and unescape strings for HTML, JSON, URLs, and regular expressions. String escaping converts special characters into safe representations for a target context — preventing injection attacks, encoding issues, and syntax errors. Developers need escaping when building HTML templates, constructing JSON strings, embedding values in URLs, or writing regex patterns with literal special characters. This tool handles all four major escaping contexts in both directions, running entirely in your browser.
How to Use String Escape
- Paste the string you need to escape or unescape.
- Select the escaping context: HTML, JSON, URL, or Regex.
- Choose Escape or Unescape direction.
- Copy the result using the copy button.
String Escape FAQ
Which escape modes are available?
HTML entity escaping, JSON string escaping, URL percent-encoding, and regex special character escaping are all supported in both escape and unescape directions.
Can escaped strings be reversed?
Yes. Unescape mode is available for all supported formats to convert escaped strings back to their original form.
When should I use HTML escaping?
HTML escaping is essential when inserting user-supplied text into HTML to prevent XSS (cross-site scripting) attacks. Characters like <, >, &, and quotes are converted to HTML entities.
What does JSON escaping handle?
JSON escaping handles special characters that need backslash escaping in JSON strings: quotes, backslashes, newlines, tabs, and control characters.
Is my data sent to a server?
No. All escaping and unescaping runs locally in your browser. Your strings never leave your device.