What characters need to be escaped in JSON strings?

JSON strings must escape double quotes (\"), backslashes (\\), and control characters U+0000–U+001F including newline (\n), carriage return (\r), tab (\t), backspace (\b), and form feed (\f). Other characters including Unicode are allowed unescaped.

Is JSON escaping the same as JavaScript string escaping?

They are similar but not identical. JSON only allows double-quoted strings and has a strict subset of escape sequences. JavaScript adds single-quoted strings, template literals, hex escapes (\xNN), and the \0 null escape that JSON does not support.

Is this JSON escape tool private?

Yes. All escaping and unescaping runs entirely in your browser using native JavaScript APIs. No data is sent to any server.

JSON Escape / Unescape | Escape JSON Strings Online

Sequence	Represents	Unicode
\"	Double quote	U+0022
\\	Backslash	U+005C
\n	Newline (LF)	U+000A
\r	Carriage return	U+000D
\t	Horizontal tab	U+0009
\b	Backspace	U+0008
\f	Form feed	U+000C
\uXXXX	Unicode code point	U+0000–FFFF

You are writing a unit test and need to embed a multi-line SQL query inside a JSON fixture file. Every double quote breaks the string. Every newline character silently corrupts the payload. You paste the string into this tool, click Escape, and get a clean, valid JSON string value in under a second — no server, no paste risk, no dependencies.

What Does JSON String Escaping Mean?

JSON (JavaScript Object Notation) defines a strict syntax for string values. A JSON string must be enclosed in double quotes and any character that would break that syntax — or that falls outside the printable ASCII range — must be replaced with a predefined escape sequence.

The JSON specification (RFC 8259) defines exactly seven single-character escape sequences and one multi-character form:

Escape	Meaning
`\"`	Double quote (U+0022)
`\\`	Backslash (U+005C)
`\n`	Newline / line feed (U+000A)
`\r`	Carriage return (U+000D)
`\t`	Horizontal tab (U+0009)
`\b`	Backspace (U+0008)
`\f`	Form feed (U+000C)
`\uXXXX`	Any Unicode code point (e.g. `\u00e9` for é)

All other printable characters (including /, <, >, &, ', most punctuation, and all multi-byte Unicode) are allowed unescaped in JSON strings. You only need to escape ", \, and control characters U+0000–U+001F.

When You Need JSON String Escaping

Embedding code or markup: Putting JavaScript code, HTML templates, SQL queries, or regex patterns inside a JSON value requires escaping every double quote and every literal newline.

Config files with human-readable text: Many configuration formats (package.json, tsconfig.json, manifest files) store messages, descriptions, or paths as JSON strings. Paths on Windows like C:\Users\name\file must become C:\\Users\\name\\file.

API request bodies: When constructing JSON programmatically, values from user input must be escaped before interpolating them into a string — failing to do so is a common source of JSON parse errors and, in some contexts, injection vulnerabilities.

Log messages and error strings: Stack traces and error messages frequently contain quotes, backslashes (especially on Windows), and newline characters that break JSON serialization.

Testing and fixtures: Test fixture files often embed expected output from commands or APIs. Multi-line expected output must be escaped to fit inside a JSON string.

Escape vs Unescape

Escape takes raw text and produces a string you can safely place inside the "…" delimiters of a JSON string value. This tool escapes ", \, all ASCII control characters (U+0000–U+001F including newline, tab, carriage return, form feed, backspace), and optionally non-ASCII characters using \uXXXX sequences.

Unescape reverses the process. It accepts either a bare escaped string (without surrounding quotes) or a complete JSON string literal (with quotes), parses all escape sequences, and returns the original text. This is useful for reading escaped strings in log files, API responses, or config files.

How the Tool Handles Tricky Cases

Backslash first: When escaping, backslashes must be processed before all other characters. Otherwise \n would get double-escaped to \\n instead of staying \n. This tool applies the backslash substitution as the first step.

Unicode characters: Non-ASCII characters like é, 日, 🚀 are valid unescaped in JSON strings per the spec — JSON uses UTF-8. However, if you need ASCII-safe output (for older systems or contexts where only 7-bit ASCII is safe), you can represent any character with \uXXXX. This tool escapes U+0000–U+001F (control characters) with \u sequences and leaves all other characters unescaped by default.

Surrogate pairs: Characters outside the Basic Multilingual Plane (above U+FFFF, such as emoji) require two \u sequences in JSON: a high surrogate followed by a low surrogate. For example, 🚀 (U+1F680) becomes \uD83D\uDE80. The browser’s JSON.stringify handles this correctly, and this tool does too.

Validating JSON on unescape: The unescape operation uses JSON.parse internally, which validates the escape sequences strictly. Malformed inputs (broken \u sequences, lone surrogates, invalid escapes) produce a clear error message rather than silently returning garbage output.

JSON Escaping in Code

JavaScript

// Escape: built-in JSON.stringify handles it
const raw = `He said "hello"\nLine 2`;
const escaped = JSON.stringify(raw); // includes outer quotes
const value = JSON.stringify(raw).slice(1, -1); // just the escaped value

// Unescape:
const original = JSON.parse(`"${escaped}"`); // wrap in quotes first

Python

import json

raw = 'He said "hello"\nLine 2'
escaped = json.dumps(raw)          # '"He said \\"hello\\"\\nLine 2"'
value = json.dumps(raw)[1:-1]      # strip outer quotes

# Unescape:
original = json.loads(f'"{value}"')

Node.js / CLI

# Escape a string to JSON format
node -e "process.stdout.write(JSON.stringify(process.argv[1]))" -- 'He said "hello"'

# Unescape a JSON string value
echo '"He said \\"hello\\""' | node -e "const d=require('fs').readFileSync('/dev/stdin','utf8');console.log(JSON.parse(d.trim()))"

Frequently Asked Questions

Does JSON require escaping forward slashes (/)? No. The JSON spec allows / unescaped. Some parsers optionally escape it as \/ for safety in HTML <script> tags (to prevent </script> injection), but this is not required by the spec and is not done by this tool.

Do I need to escape Unicode characters? Only U+0000–U+001F (control characters) must be escaped. All other Unicode characters, including CJK ideographs, Arabic, and emoji, are valid unescaped in JSON strings as long as the file is UTF-8 encoded. This tool escapes only the required control characters.

Why does JSON.stringify add outer quotes? JSON.stringify produces a complete JSON string literal including the surrounding " characters. If you want just the escaped value for embedding inside another JSON string, strip the first and last character. The Escape output in this tool does not include the surrounding quotes.

Is this tool safe for sensitive data? Yes. All processing happens in your browser using the native JSON.stringify and JSON.parse APIs. No data is sent to any server.

URL Encoder / Decoder — percent-encode special characters for use in URLs
HTML Entity Encoder — escape <, >, &, " for HTML contexts
Base64 Encoder / Decoder — encode binary or text data to Base64
JavaScript Escape Tool — escape strings for JS single-quote, double-quote, and template literal contexts

JSON Escape / Unescape