String Escape / Unescape
Developer
One tool for the dozen contexts where strings need to be safe to embed: JSON literals, JS source, HTML attributes, SQL string literals, regex patterns, shell arguments. Each flavor has a real implementation (not a one-size-fits-all replace) — JSON uses `JSON.stringify`, JS handles `\u{...}` and `\xNN`, HTML uses entity refs, SQL doubles single quotes, regex escapes metacharacters, shell wraps in single quotes with the `'\''` trick.
Output appears here as you type.
How to use
- Pick the flavor (JSON, JS, HTML, SQL, RegExp, Shell).
- Toggle escape ↔ unescape.
- Paste input, copy output.
Frequently asked questions
- How is 'JSON' different from 'JS'?
- JSON is a strict subset — no single-quoted strings, no `\x`, no `\u{...}`. The JS escaper produces what's valid in JS source; the JSON escaper produces what's valid inside a JSON string.
- Does shell escape work for cmd.exe?
- No — only POSIX shells (bash, zsh, sh). Windows cmd quoting is a different beast.
- Is the regex escape Unicode-aware?
- It escapes the dozen regex metacharacters the standard way. The result is safe to embed inside any regex flavor that uses the standard metaset.
- Why does my SQL escape look fragile?
- Doubling single quotes is the ANSI-standard escape and works in PostgreSQL, SQLite, modern MySQL with `NO_BACKSLASH_ESCAPES`. For untrusted input — always prefer parameterized queries.
Related tools
JWT Decoder
Decode a JSON Web Token to inspect its header, claims, and expiration.
UUID Generator
Generate random version-4 UUIDs in bulk, with copy.
Hash Generator (SHA)
Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text.
URL Encoder / Decoder
Percent-encode text for URLs, or decode encoded URLs back to text.
Base64 Encoder / Decoder
Encode text to Base64 or decode Base64 back to text, instantly.
JSON Formatter & Validator
Format, beautify, minify, and validate JSON right in your browser.