String Escape / Unescape

About String Escape/Unescape

String escaping converts special characters into a safe representation for a specific context. This prevents injection attacks, syntax errors, and encoding issues when embedding strings in code, URLs, or markup.

Escape Formats

• JSON: Escapes quotes, backslashes, newlines, tabs — wraps in quotes
• JavaScript: Like JSON but also handles single quotes and template literals
• HTML: Converts < > & " to HTML entities
• URL: Percent-encodes special characters (%20 for space)
• XML: Like HTML but also handles apostrophes
• CSV: Wraps fields in quotes, escapes internal quotes by doubling
• SQL: Escapes single quotes by doubling (prevents SQL injection)
• Regex: Escapes regex metacharacters (. * + ? etc.)
• Unicode: Converts non-ASCII characters to \\uXXXX sequences

FAQ

Why do I need to escape strings?

Unescaped strings can cause syntax errors (a quote inside a JSON string breaks the JSON) or security vulnerabilities (unescaped HTML can lead to XSS attacks, unescaped SQL enables SQL injection).

What's the difference between encoding and escaping?

Escaping adds a prefix character (like backslash) before special characters. Encoding transforms characters into a different representation (like URL percent-encoding or HTML entities). Both make special characters safe for their context.