JSON Escape / Unescape

Name: JSON Escape / Unescape
Author: S. Siddiqui

The JSON Escape / Unescape tool converts strings containing double quotes, backslashes, and control characters into their JSON-safe escape sequences, and reverses that process to restore the original readable text. Use it when embedding raw strings inside JSON documents, debugging doubly-escaped API payloads, or constructing JSON configuration files by hand.

Edited by

S. Siddiqui Founder & Editor-in-Chief

Updated June 6, 2026

Sources:MDN Web Docs W3C IETFUpdated Jun 2026

Plain Text Input

Output

What Is JSON Escape / Unescape?

JSON Escape is the process of converting certain characters within a string value so they can be safely represented inside a JSON document. JSON Unescape is the reverse: it converts those escape sequences back into their original characters so the string is human-readable. These two operations are fundamental to JSON's string-handling rules, which are defined in RFC 8259 Section 7, the authoritative specification for the JSON Data Interchange Format.

In JSON, every string value must be enclosed in double quotation marks. This creates a structural problem: if the string content itself contains a double quotation mark, a backslash, or a control character such as a newline or tab, those characters would break the JSON syntax. The solution is escaping: substituting each problematic character with a backslash-prefixed sequence that JSON parsers recognise. A double quote becomes \", a backslash becomes \\, a newline becomes \n, a carriage return becomes \r, a tab becomes \t, a form feed becomes \f, and a backspace becomes \b. Any Unicode character can also be represented as \uXXXX, where XXXX is the four-digit hexadecimal code point.

Most of the time, calling JSON.stringify() in JavaScript, json.dumps() in Python, or json_encode() in PHP handles escaping automatically. However, there are situations where you are working with a raw string that needs to be embedded inside an existing JSON document, where you are constructing JSON manually in a template or configuration file, or where you have received a doubly-escaped JSON string from an API or logging system that needs to be unescaped before you can parse it. This online tool handles all of those scenarios instantly, with no setup required.

The MDN Web Docs reference on JSON.stringify() confirms that the method applies all required escaping automatically, making it the correct way to produce JSON strings programmatically. The tool on this page is useful for the cases where you are operating outside the context of a standard serialise call.

How to Use the JSON Escape / Unescape Tool

Choose your operation. Select "Escape" if you have a raw string that you want to make safe for inclusion inside a JSON value. Select "Unescape" if you have a JSON-escaped string (one containing sequences like \n, ", or \\) that you want to convert back into its original readable form.
Paste your input string. For Escape, paste the raw text content you want to embed as a JSON string value, for example a multi-line message, a file path containing backslashes, or a block of code containing double quotes. For Unescape, paste the escaped string as it appears inside the JSON document, including any escape sequences.
Click "Run" to process the input. The tool scans the string and applies or removes escape sequences according to the JSON specification.
Review the output. For Escape, the output is the processed string with all special characters replaced by their escape sequences. For Unescape, the output is the original human-readable string with all escape sequences restored to their actual characters.
Copy the result. Use the copy button to place the processed string on your clipboard. If you are escaping, the output is ready to paste directly inside a JSON string value (between double quotes). If you are unescaping, the output is the fully readable string.

Why Use This Tool

Automatic escaping via built-in JSON functions is the correct approach in production code. However, several real scenarios arise where a developer or data professional needs to escape or unescape a string outside the normal serialisation pipeline.

Manually constructing JSON in configuration files or templates

When writing JSON configuration files by hand, such as a package.json, an AWS CloudFormation template, or an environment-specific settings file, you may need to include a string value that contains quotation marks, backslashes, or newlines. Using this tool to pre-escape the string before pasting it into the file prevents syntax errors that can be difficult to diagnose in deeply nested configurations.

Embedding one JSON document inside another

A common pattern in web services is storing a serialised JSON payload as a string value within an outer JSON document. For example, a Webhook event payload might include an event_data field whose value is a JSON string. Sending that inner JSON without escaping it causes a parse error in the outer document because the inner curly braces, colons, and quotes all have structural meaning. Escaping the inner JSON first makes it a safe, flat string value.

Debugging doubly-escaped API responses

Logging systems, message queues such as Apache Kafka, and some REST APIs occasionally produce responses where the JSON payload has been serialised to a string and then serialised again. The result is a string like "{\"name\":\"Alice\"}", where every quote is double-escaped. Pasting this into the Unescape tool strips one layer of escaping to reveal the readable JSON beneath, so you can then parse it normally.

QA engineers writing API test suites, DevOps engineers constructing infrastructure configuration, and back-end developers integrating third-party webhooks all encounter situations where this tool saves significant debugging time. Unlike using JSON.stringify() in a browser console, this tool provides a focused interface for the escaping operation alone, without requiring you to wrap your input in an object or handle the surrounding syntax.

Real-World Use Cases

DevOps engineer embedding a script in a JSON configuration

A DevOps engineer at a cloud infrastructure company is writing an AWS Systems Manager Run Command document in JSON. The document includes a field whose value is a multi-line shell script containing backslashes, double quotes around variable names, and newline characters. Pasting the raw script directly into the JSON file breaks the syntax. The engineer uses this tool to escape the script, producing a single-line string with all characters correctly encoded, then pastes the result as the field value. The configuration validates and deploys without errors on the first attempt.

Back-end developer constructing a webhook payload

A back-end developer at a payments company is building an outbound webhook system using Node.js and Express.js. Each webhook event includes an original_request field containing the full inbound API payload as a nested JSON string, so the receiving system can audit the original data. The developer uses this tool to verify that a sample inbound payload is correctly escaped before writing the production serialisation logic, confirming that nested quotes and backslashes in customer-supplied fields do not corrupt the outer envelope.

Data analyst reading a log export

A data analyst at an e-commerce company receives a CSV export from a logging platform where each row contains a JSON string column. Several of those strings appear double-escaped, with sequences like \\n and \\", because the log aggregation pipeline serialised the payload twice before writing to the CSV. The analyst uses this tool to unescape a sample string, confirm it produces valid JSON, and then writes a Python script using the same logic to process the full 50,000-row file before loading it into BigQuery.

QA engineer verifying API contract compliance

A QA engineer at a SaaS company is testing an external partner API that returns order status updates. The API documentation states that the notes field can contain free-form text including double quotes and newline characters. The engineer uses this tool to escape several test strings containing edge-case characters, including emoji, Windows file paths with backslashes, and SQL fragments with single and double quotes, and then sends them as test values through the API to verify the partner system handles them correctly without returning a 400 error.

Common Mistakes and Troubleshooting

Manually escaping strings instead of using a library

Attempting to escape JSON strings by writing your own find-and-replace logic is a common source of bugs. It is easy to miss the (form feed) and (backspace) control characters, or to escape in the wrong order and double-escape existing backslashes. Always use a built-in JSON function such as JSON.stringify() in JavaScript or this dedicated tool rather than constructing escape sequences manually.

Forgetting to escape backslashes before double quotes

When escaping manually or checking escaped output, backslashes must be escaped before other characters. If you escape double quotes to " first and then escape backslashes, you will inadvertently double-escape the backslashes you just introduced, producing \" instead of ". The correct order is: escape backslashes to \ first, then escape double quotes to ", and then handle control characters. This tool applies the correct order automatically.

Confusing JSON escaping with HTML or URL encoding

JSON escaping, HTML escaping (converting < to <), and URL encoding (converting spaces to %20) are three different systems for different contexts. A string that needs to appear in a JSON document requires JSON escaping; a string that will be inserted into HTML requires HTML escaping; a string in a query parameter requires URL encoding. Applying the wrong type of encoding is a common source of data corruption. Use the appropriate tool for each context.

Double-escaping a string that is already escaped

If you receive an already-escaped JSON string and run it through an escape tool again, you will double-escape the backslashes: a " in the input becomes \" in the output. This results in a string that cannot be parsed correctly. Before escaping any string, check whether it has already been escaped by looking for existing \ sequences. If it has, unescape it first and then re-escape if needed, or use the string as-is in its current form.

Expecting escape sequences in the final parsed output

A common misunderstanding is expecting the escape sequences to appear in the value after JSON parsing. They do not. The sequences , ", and \ are encoding instructions for the JSON parser, not characters that survive parsing. After JSON.parse(), the resulting string contains the actual newline character, the actual double quote, and the actual backslash. If you see literal text in your parsed output, the string was not parsed at all and is being treated as a raw string.

Including the surrounding double quotes in the input

When using an escape tool, paste only the content of the string, not the enclosing double quotes that delimit it in JSON. If you include the outer quotes, the tool will escape them along with the rest of the content, producing a result like "hello world" instead of hello world. Similarly, when unescaping, do not include the surrounding quotes of a JSON string literal in your input unless you specifically want them unescaped as part of the content.

Last reviewed: June 6, 2026

Founder's Real-World Experience

S. Siddiqui

Founder & Editor-in-Chief, YourToolsBase

The CloudFormation deployment that failed because of an unescaped backslash

In late 2023 I was provisioning a new worker instance on the Contabo VPS using an AWS Systems Manager Run Command document stored as a JSON file in the repository. The document included a field containing a small shell script that set a file path variable using a backslash-terminated Windows-style path, copied over from a Windows developer's notes. Every time I ran the deployment, CloudFormation rejected the document with a generic JSON parse error and no line number.

I spent over an hour manually reading the 200-line JSON file looking for the problem. I eventually pasted the full document into a JSON validator, which pointed to the exact position of the unescaped backslash inside the script string. A single backslash in a JSON string value must be written as \\ or the entire document is invalid. The fix took three seconds once I knew what it was.

I built this tool because that kind of error is invisible to the human eye when reading JSON in a text editor. You cannot see the difference between a valid escape sequence and a lone backslash at a glance. Now I run any hand-crafted JSON string through the escape tool before pasting it into a configuration file, and I have not had a deployment fail for that reason since.

Diagnosed a single unescaped backslash causing full deployment failureSaved over an hour of manual JSON file inspectionEstablished escape-before-paste workflow for all hand-crafted config strings

Also used alongside: JSON Validator

Frequently Asked Questions

What characters need to be escaped in JSON?

The JSON specification requires escaping: double quote (" becomes \"), backslash (\ becomes \\), and all control characters from U+0000 through U+001F. Named escape sequences are \b (backspace), \f (form feed), \n (newline), \r (carriage return), and \t (tab). All other Unicode characters are allowed unescaped, or can optionally be represented as \uXXXX.

Does JSON.stringify automatically escape special characters?

Yes. JSON.stringify() in JavaScript applies all required escaping automatically. Passing an object or string with embedded double quotes, backslashes, or control characters always produces valid JSON output with those characters correctly escaped. Always use JSON.stringify() rather than constructing JSON strings manually when working in JavaScript or Node.js.

What is the difference between JSON escaping and URL encoding?

JSON escaping uses backslash-based sequences (like \n and \") to make string content safe for inclusion in a JSON document. URL encoding uses percent-encoding (like %20 for a space) to make string content safe for use in a URL. The two systems are completely separate and must not be mixed.

Why does my JSON have double backslashes like \\n instead of \n?

Double backslashes usually mean the string has been escaped twice. This happens when a JSON payload is serialised to a string and then that string is serialised again as part of an outer JSON document. Use the Unescape mode of this tool to strip one layer of escaping to reveal the original content.

How do I include a newline character in a JSON string?

In a JSON document, a literal newline inside a string is not permitted. You must represent it as the escape sequence \n. When a JSON parser reads this, it converts it back to the actual newline character. In code, simply include the newline in your string and let the JSON serialiser escape it for you.

When should I use JSON escape vs. JSON stringify?

Use JSON.stringify() when serialising a structured value such as an object or array. Use a JSON escape tool when you need to embed a raw string as a value within an existing JSON document, such as pasting a file path into a configuration file, or when you receive an unexpectedly escaped string from an external system.

Is JSON escaping the same as JSON encoding?

The terms are used interchangeably in most contexts. JSON encoding typically refers to the full serialisation of a value (what JSON.stringify() does), while JSON escaping refers specifically to the character-level substitution applied to string values. Escaping is part of encoding, so the terms are closely related.

Can I use this tool to escape strings for use in a database?

JSON escaping makes a string safe for inclusion in a JSON document, not for SQL insertion. SQL injection prevention requires parameterised queries or prepared statements. If storing JSON in a database such as PostgreSQL or MySQL, use a parameterised query and let the database driver handle the SQL-level escaping.

What happens if I do not escape special characters in JSON?

Unescaped double quotes, backslashes, or control characters inside a JSON string produce invalid JSON. Any parser that reads it will throw a parse error, which can cause API requests to fail with 400 errors, configuration deployments to break, or stored data to become unreadable.

Does JSON unescape handle Unicode escape sequences like \u0041?

Yes. The JSON specification allows any Unicode character to be represented as \uXXXX, where XXXX is the four-digit hexadecimal code point. When this tool unescapes a string, it converts all \uXXXX sequences to their actual Unicode characters. This is useful when dealing with APIs that encode all non-ASCII characters as Unicode escape sequences.

Rate This Tool

Was this tool helpful?

Be the first to rate this tool

About the Author