About

Unescaped strings cause silent failures. A single unescaped double quote inside a JSON payload breaks the parser. An unescaped backslash in a JavaScript string literal produces unexpected characters or syntax errors. This tool applies correct escape sequences character-by-character across three contexts: JavaScript/JSON (escaping ", \, newlines, tabs, and control characters per ECMA-262 §12.8.4), Regular Expressions (escaping the 12 metacharacters defined in the RegExp syntax), and a raw mode that simply prefixes every occurrence of \ with an additional \. The reverse operation (unescape) is also supported. Note: this tool handles standard ASCII and Unicode BMP escaping. Surrogate pairs for characters outside the BMP are not decomposed into \uXXXX sequences.

Formulas

The escape operation maps each input character c to its escaped form c′ using a lookup table M specific to the selected mode.

c′ =

{

M(c) if c ∈ keys(M)c otherwise

The full output string S′ is the concatenation of all transformed characters:

S′ = n∏i=1 c_i′

Where n = length of input string, and the product symbol here denotes string concatenation. For JS/JSON mode, the map M contains 10 entries: \ → \\, " → \", " → \", newline → \n, carriage return → \r, tab → \t, backspace → \b, form feed → \f, forward slash → \/, and null byte → \0. For RegExp mode, the map escapes 12 metacharacters: . * + ? ^ $ { } ( ) [ ] | \. The unescape operation applies the inverse map M⁻¹, parsing two-character escape sequences back to their original single characters.

Reference Data

Character	Name	JS/JSON Escape	RegExp Escape	Unicode Escape	Hex Escape
"	Double Quote	\"	" (no escape needed)	\u0022	\x22
"	Single Quote	\"	' (no escape needed)	\u0027	\x27
\	Backslash	\\	\\	\u005C	\x5C
/	Forward Slash	\/	\/	\u002F	\x2F
(newline)	Line Feed	\n	\n	\u000A	\x0A
(return)	Carriage Return	\r	\r	\u000D	\x0D
(tab)	Horizontal Tab	\t	\t	\u0009	\x09
(backspace)	Backspace	\b	\b (word boundary in regex)	\u0008	\x08
(form feed)	Form Feed	\f	\f	\u000C	\x0C
.	Dot / Period	. (no escape needed)	\.	\u002E	\x2E
*	Asterisk	* (no escape needed)	\*	\u002A	\x2A
+	Plus	+ (no escape needed)	\+	\u002B	\x2B
?	Question Mark	? (no escape needed)	\?	\u003F	\x3F
^	Caret	^ (no escape needed)	\^	\u005E	\x5E
$	Dollar Sign	$ (no escape needed)	\$	\u0024	\x24
{	Left Curly Brace	{ (no escape needed)	\{	\u007B	\x7B
}	Right Curly Brace	} (no escape needed)	\}	\u007D	\x7D
(	Left Parenthesis	( (no escape needed)	\(	\u0028	\x28
)	Right Parenthesis	) (no escape needed)	\)	\u0029	\x29
[	Left Square Bracket	[ (no escape needed)	\[	\u005B	\x5B
]	Right Square Bracket	] (no escape needed)	\]	\u005D	\x5D
\|	Pipe	\| (no escape needed)	\\|	\u007C	\x7C

Frequently Asked Questions

JSON is a strict subset of JavaScript string escaping. Both escape backslash, double quotes, and control characters (newline, tab, etc.) identically. The key difference: JSON does not recognize single-quote escapes (\') because JSON mandates double-quoted strings only. This tool's JS/JSON mode escapes single quotes as well, making the output safe for both single-quoted and double-quoted JS string literals. If you need strict JSON-only output, you can ignore the single-quote escaping since JSON parsers treat a literal single quote as a normal character.

Regular expressions have their own metacharacter set that carries special meaning inside patterns. The dot (.) matches any character, the asterisk (*) is a quantifier, the caret (^) is an anchor, etc. These 12 characters must be escaped with a backslash to be treated as literals inside a RegExp. Conversely, a double quote has no special meaning in regex syntax and does not need escaping. The two escape maps serve fundamentally different purposes: JS/JSON escaping produces valid string literals, while RegExp escaping produces safe pattern fragments.

The unescape operation only recognizes valid escape sequences from the selected mode's map. If it encounters a backslash followed by a character that is not in the inverse map (e.g., \q in JS/JSON mode), it preserves the sequence as-is rather than corrupting the data. This conservative approach prevents data loss. Be aware that \b is ambiguous: in JS/JSON mode it represents the backspace character (U+0008), but in regex it represents a word boundary assertion. The tool resolves this based on the currently selected mode.

This tool operates on the literal characters present in your input. It does not convert Unicode characters to \uXXXX escape sequences - it only escapes the syntactically dangerous characters defined in each mode's lookup table. A character like é or 🎉 passes through unchanged because it is not a metacharacter in any context. If you need full Unicode-to-escape-sequence conversion (e.g., for ASCII-safe JSON transport), that is a separate encoding operation not covered by standard backslash escaping.

No. SQL escaping and shell escaping have entirely different rules and security implications. SQL uses doubled single quotes ('') or parameterized queries. Shell escaping depends on the specific shell (bash, zsh, PowerShell) and quoting context. Using JavaScript-style backslash escaping for SQL or shell input will not prevent injection attacks. Use dedicated, context-appropriate escaping functions for those environments.

Double-escaping occurs. A backslash (\) in the already-escaped input gets escaped again to (\\). For example, the sequence \n (two characters: backslash + n) becomes \\n (four characters: two backslashes + n). This is actually correct behavior when you need to embed an escaped string inside another string literal layer (e.g., generating code that generates code). The unescape operation reverses exactly one layer of escaping per invocation.