🔍 /

String Escaper / Unescaper

Developer utility to encode and decode strings for JSON, Java, HTML, XML, and URI contexts. Prevent syntax errors and injection vulnerabilities.

User Rating 0.0
Total Usage 0 times
Category Code Utilities
Input String
Chars: 0
Output String
Chars: 0 | Expansion: 0%
Is this tool helpful?

Your feedback helps us improve.

About

Data serialization requires strict adherence to syntax rules. A single unescaped quote in a JSON payload breaks the entire structure. Developers use string escaping to convert special characters into safe sequences. This process ensures that data passes through transport layers without being misinterpreted as executable code or delimiters. Security protocols rely on this transformation to prevent Cross Site Scripting (XSS) and SQL injection. Manual replacement is error-prone and slow. This tool automates the conversion across multiple standards including Java strings and Uniform Resource Identifiers. It guarantees that control characters like newlines and tabs are preserved correctly during the encoding process.

string manipulation json escape html entities url encoding java string

Formulas

The escaping process can be defined as a mapping function E that transforms a character sequence S based on a protocol P. For a single character c, the transformation logic follows strict conditional rules.

E(c) =
{
replacement code if c in ReservedCharsc otherwise

In URL encoding, specifically for the encodeURIComponent method, the set of unescaped characters U is limited to alphanumerics and specific symbols. The escape density ρ increases as the input contains more reserved characters.

ρ = len(E(S))len(S)

A density ρ > 1 indicates that the string size has expanded due to encoding overhead (e.g. converting 1 byte into 3 bytes like %20).

Reference Data

CharacterNameJSON / JavaHTML EntityURL (UTF-8)XML
"Double Quote\""%22"
"Single Quote" (Java char \')'%27'
&Ampersand&&%26&
<Less Than<<%3C<
>Greater Than>>%3E>
\Backslash\\\%5C\
LFLine Feed\n %0A
CRCarriage Return\r %0D
TABHorizontal Tab\t %09
SPACESpace   (non-breaking)%20
/Forward Slash\/ (optional)/%2F/
BSBackspace\b%08N/A

Frequently Asked Questions

JSON is a strict data interchange format derived from JavaScript but has stricter rules. For example, JSON requires double quotes for keys and string values. Single quotes are valid in JavaScript code but invalid in JSON syntax. Additionally, JSON does not support octal escape sequences or the vertical tab character, which JavaScript allows.
The function encodeURI is designed for full URLs and preserves special protocol characters like colon, forward slash, and question mark. In contrast, encodeURIComponent encodes these characters, making it suitable for encoding values placed inside a query string parameter. Using encodeURI on a parameter value breaks the URL structure.
XML has only five predefined entity references: lt, gt, amp, apos, and quot. HTML includes these five but supports hundreds of named entities (like copy or nbsp) defined in its DTD. Using an HTML-specific entity in an XML document causes a parsing error unless that entity is explicitly declared in the XML preamble.
Yes. When escaping for Java or JSON, non-ASCII characters outside the basic printable range are often converted to Unicode escape sequences (backslash u followed by four hexadecimal digits) to ensure safe transmission across ASCII-only channels. URL encoding converts these bytes into percent-encoded sequences based on UTF-8.
Regular expressions use the backslash as an escape character for their own syntax. When defining a regex inside a string literal (like in Java), you must escape the backslash for the string parser first. This results in double escaping. To match a literal backslash, you often need four backslashes in the source code.