Skip to content

JSON Escape

Escape any text or JSON into a valid JSON string literal in your browser. Handles quotes, newlines, tabs, Unicode, and slashes. 100% private, no upload, instant.

No Tracking Runs in Browser Free
Options
Wrap in double quotes
Escape non-ASCII (\uXXXX)
Escape forward slash (\/)
0 chars
Escaped String
0 chars
Reviewed for JSON spec compliance, surrogate-pair correctness, round-trip safety, and HTML-embedding slash escaping — Go Tools Engineering Team · Jun 10, 2026

What is JSON Escaping?

JSON escaping is the process of converting a raw string into a form that is safe to embed inside a JSON document. JSON has a small set of characters that carry structural meaning — the double quote delimits strings, the backslash starts an escape sequence — plus control characters (newlines, tabs) that are not allowed to appear literally inside a string. Escaping replaces each of these with a safe two-character sequence (\", \\, \n, \t) or a \uXXXX Unicode escape, so the resulting string parses cleanly anywhere.

You reach for JSON escaping more often than you might think. The most common case is JSON-in-JSON: a webhook envelope, a message-queue payload, or an audit log stores a request body as a string field, which means the inner JSON must be escaped before it can be assigned. Another is hand-authoring JSON config: pasting a multi-line shell script, SQL query, or code snippet into a single JSON value requires turning every newline into \n. A third is building REST request bodies by hand in tools like curl, where a quoted JSON string must be escaped to survive the shell and the HTTP layer.

This tool has three differentiators over a naive escaper. First, it is built on the exact JSON specification rules — the same logic a compliant serializer uses — so output round-trips losslessly: escape here, parse anywhere, get your bytes back. Second, the optional ASCII-safe mode converts every non-ASCII character (including astral emoji, handled as surrogate pairs) to \uXXXX for systems that cannot be trusted with UTF-8. Third, everything runs 100% in your browser — your payloads, which often contain PII, tokens, and secrets, never touch a server. To reverse the process, use our JSON Unescape tool; to validate JSON first, see the JSON Formatter.

// Input text
She said "hi"
then left.

// Escaped (Wrap on) — identical to JSON.stringify(input)
"She said \"hi\"\nthen left."

// Escaped (Wrap off) — just the body, for hand-built JSON
She said \"hi\"\nthen left.

// JSON-in-JSON
{"a":1}  ->  "{\"a\":1}"  ->  {"payload": "{\"a\":1}"}

Key Features

Spec-Accurate Escaping

Built on the JSON specification's exact rules — quotes, backslashes, newlines, tabs, carriage returns, and control characters are escaped identically to a compliant serializer. Output round-trips losslessly through any JSON parser.

Quoted or Unquoted Output

Wrap in double quotes on gives a complete JSON string literal (same as JSON.stringify); off gives just the escaped body for when you are typing the quotes yourself in a hand-authored JSON document.

ASCII-Safe \uXXXX Mode

Optionally convert every character above U+007F to a Unicode escape, with astral characters like emoji handled as correct surrogate pairs. The output is pure ASCII, safe for legacy pipelines that mishandle UTF-8.

HTML-Safe Slash Escaping

Escape forward slash turns / into \/, neutralizing the </script> sequence so JSON can be inlined inside an HTML <script> tag without prematurely closing it. Off by default for clean output everywhere else.

Swap for Round-Trip Verification

One Swap direction button flips into unescape mode in place and feeds the output back as input, so you can confirm escape → unescape returns your original text byte for byte before shipping it.

100% Browser-Based Privacy

All escaping runs client-side — your payloads (PII, tokens, secrets) never leave the browser. Verify it in the Network tab: zero requests on paste. The only safe way to escape sensitive data in an online tool.

Examples

Embed JSON inside JSON (JSON-in-JSON)

{"event":"signup","user":{"id":42,"name":"Alice"}}

Escape this object so it can live as a string value inside another JSON document — e.g. a webhook payload field or a Kafka message envelope. With Wrap on, the output is ready to paste straight after a colon.

Multi-line code snippet into a config field

function greet(name) {
  return `Hello, ${name}!`;
}

Turn a multi-line JS function into a one-line JSON string. Newlines become \n and the backtick template stays intact — paste it into a JSON config value without breaking the file.

Text with quotes and tabs

She said "hello"	then left.

Double quotes are escaped to \" and the tab becomes \t, so the string is safe to drop into any JSON parser, log line, or REST request body.

ASCII-safe output for legacy systems

Price: 9.99€ — café société

Toggle Escape non-ASCII to convert € and accented letters to \uXXXX. The result is pure ASCII, safe for systems that mangle UTF-8 in transit.

How to Use

  1. 1

    Paste your text or JSON

    Enter or paste anything into the input field — a JSON object, a code snippet, a log line, or plain text. The escaped result appears instantly. Click 'Load example' to try a sample like a JSON-in-JSON payload or a multi-line function.

  2. 2

    Choose escaping options

    Keep 'Wrap in double quotes' on for a complete JSON string literal (same as JSON.stringify), or off to get just the escaped body. Toggle 'Escape non-ASCII' for pure-ASCII \uXXXX output, and 'Escape forward slash' when inlining JSON into an HTML <script> tag.

  3. 3

    Copy the escaped string

    Click Copy to grab the result, ready to paste into a JSON document, REST request body, or config file. Click Swap direction to flip into unescape mode and verify a lossless round-trip.

Common Escaping Pitfalls

Double-Escaping (escaping already-escaped text)

Running escape twice turns \n into \\n and \" into \\\", so the consumer sees a literal backslash-n instead of a newline. This usually happens when text was already JSON-escaped upstream. Unescape first (Swap direction) to check, then escape exactly once.

✗ Wrong 
Input already escaped: line1\nline2
Escaped again -> line1\\nline2  (literal backslash-n)
✓ Correct 
Raw input: line1
line2
Escaped once -> line1\nline2  (real newline encoded)

Forgetting the Surrounding Quotes

With Wrap off you get only the escaped body, not a complete JSON string. Pasting that directly where a value is expected produces invalid JSON because the quotes are missing. Either keep Wrap on, or make sure you type the quotes yourself.

✗ Wrong 
{"msg": hello \"world\"}
// Missing quotes around the value -> invalid JSON
✓ Correct 
{"msg": "hello \"world\""}
// Wrap on supplies the quotes -> valid JSON

Over-Escaping Non-ASCII Unnecessarily

Turning on Escape non-ASCII when the consumer handles UTF-8 fine just bloats the output and hurts readability — café becomes caf\u00e9 for no reason. Leave the option off unless a specific legacy system requires pure ASCII.

✗ Wrong 
café  ->  caf\u00e9   (no downstream need; just noise)
✓ Correct 
café  ->  café         (valid JSON, readable, smaller)

Common Use Cases

JSON-in-JSON Webhook Payloads
Escape a request body so it can be stored as a string field inside a webhook envelope, Kafka message, or audit log. Keep Wrap on and the output is ready to assign to a key in the outer document.
Multi-line Snippets in Config
Turn a multi-line shell script, SQL query, or code snippet into a single JSON string value. Every newline becomes \n so the JSON config file stays valid on one line.
Hand-Built REST Request Bodies
Escape a JSON string before dropping it into a curl --data argument or an HTTP client, so quotes and newlines survive the shell and the wire without breaking the request.
Log-Safe String Encoding
Escape user-supplied content before writing it to a structured log line, preventing injected quotes or newlines from corrupting the log format or a downstream JSON log parser.
ASCII-Only Legacy Integrations
Produce pure-ASCII \uXXXX output for SOAP gateways, email headers, or older systems that mangle UTF-8 in transit, while staying fully decodable by any modern JSON parser.
Inlining JSON into HTML
Escape forward slashes so a JSON blob can be embedded directly inside a <script> tag for server-rendered pages, without </script> inside the data closing the tag early.

Technical Details

Escaping Algorithm
The tool serializes your input with the JSON specification's string rules: U+0022 (") → \", U+005C (\) → \\, U+0008 → \b, U+000C → \f, U+000A → \n, U+000D → \r, U+0009 → \t, and any other character below U+0020 → \u00XX. With Wrap on, the surrounding double quotes are included; with it off, they are stripped. This matches the output of a compliant serializer exactly, guaranteeing lossless round-trips.
Unicode and Surrogate Pairs
By default, characters above U+007F are emitted as literal UTF-8, which JSON permits. With Escape non-ASCII on, each such character is converted to \uXXXX using its UTF-16 code unit; characters outside the Basic Multilingual Plane (emoji, rare scripts) are encoded as a surrogate pair of two \uXXXX escapes — for example 😀 (U+1F600) becomes \ud83d\ude00, the same representation a JSON serializer produces.
Forward-Slash and HTML Context
JSON does not require escaping /, so it is preserved by default. When Escape forward slash is enabled, every / becomes \/. The only practical reason to do this is HTML embedding: inside a <script> tag, the literal substring </script> closes the tag regardless of JSON context, so escaping the slash to <\/script> keeps the inlined JSON intact while remaining spec-valid.

Best Practices

Keep Wrap On for Complete Literals
When you need a value to assign in code or paste after a colon in JSON, keep Wrap in double quotes on — the output is a complete, parseable JSON string identical to JSON.stringify. Turn it off only when you are hand-typing the surrounding quotes yourself.
Leave Unicode Escaping Off Unless Required
Raw UTF-8 is valid JSON and far more readable. Enable Escape non-ASCII only for a specific downstream system that mishandles UTF-8 (legacy SOAP, some log pipelines, ASCII-only source files). Escaping everything by default just makes the output noisier.
Only Escape Slashes for HTML Embedding
The forward-slash escape matters in exactly one place: JSON inlined in an HTML <script> tag. Outside that context it adds clutter with no benefit, so leave it off for REST bodies, config files, and message payloads.
Verify Round-Trips with Swap
Before shipping escaped data into a pipeline, click Swap direction to unescape it and confirm you get the original text back. This catches accidental double-escaping — a frequent source of \\n showing up where \n was intended. Reverse anytime with our JSON Unescape tool.

Frequently Asked Questions

What does this JSON escape tool do?
It converts any text — a JSON object, a code snippet, a log line, or plain prose — into a valid JSON string literal, entirely in your browser. Special characters that would break a JSON document are escaped: double quotes become \", backslashes become \\, newlines become \n, tabs become \t, carriage returns become \r, and other control characters become \uXXXX. The result is a string you can safely paste as a value inside a JSON document, a REST request body, a configuration file, or a database column. Nothing is uploaded — the conversion runs 100% client-side, so it is safe for payloads containing PII, secrets, or internal data.
What is the difference between JSON escape and JSON stringify?
They describe the same core operation from two angles. JSON.stringify() in JavaScript takes a value and produces its JSON text representation; when the value is a string, that means wrapping it in double quotes and escaping the special characters inside — which is exactly JSON escaping. This tool does precisely that: with Wrap in double quotes on, the output equals JSON.stringify(yourText); with it off, you get the escaped body without the surrounding quotes, which is what you need when you are building the JSON by hand and already typed the quotes. So if you searched for json stringify online, this is the tool — it gives you both the quoted and unquoted forms.
Is my data uploaded anywhere?
No. All escaping runs entirely in your browser using JavaScript — your text is never transmitted, stored, logged, or analyzed on any server. This makes the tool safe for API payloads with PII, authentication tokens, internal configuration, and production secrets. You can verify it in your browser's Network tab: typing or pasting triggers zero network requests. There are no cookies for your input and no third-party analytics that capture what you paste.
When do I need the \uXXXX (escape non-ASCII) option?
JSON allows raw UTF-8, so by default an é stays an é and an emoji stays an emoji — perfectly valid and more readable. Turn on Escape non-ASCII only when a downstream system cannot be trusted with UTF-8: old SOAP/XML gateways, some logging pipelines, email headers, or source files that must stay pure ASCII. With it on, every character above U+007F becomes a \uXXXX sequence (astral characters like emoji become a surrogate pair, e.g. 😀 → \ud83d\ude00). The escaped output is byte-for-byte ASCII and decodes back to the original Unicode in any compliant JSON parser.
How do I embed a JSON object inside another JSON string (JSON-in-JSON)?
Paste the inner JSON into the input, keep Wrap in double quotes on, and copy the result — it is now a single escaped string you can assign to a key in the outer document. For example {"a":1} becomes "{\"a\":1}", which you place after a colon: {"payload": "{\"a\":1}"}. This double-encoding is common in webhook envelopes, message-queue payloads, and audit logs that store a request body as a string. To reverse it and read the inner object, use our JSON Unescape tool.
What does the Escape forward slash (\/) option do?
The forward slash / is a normal character in JSON and does not require escaping, so it is left alone by default. The option exists for one specific case: embedding JSON inside an HTML <script> tag, where the sequence </script> would prematurely close the tag. Escaping / to \/ turns </script> into <\/script>, which is still valid JSON but no longer a tag terminator. Enable it only when you are inlining JSON into HTML; for every other use, leave it off for cleaner output.
Does it handle newlines, tabs, and control characters correctly?
Yes. The tool is built on the JSON specification's exact escaping rules: newline → \n, carriage return → \r, tab → \t, backspace → \b, form feed → \f, double quote → \", backslash → \\, and any remaining control character below U+0020 → \uXXXX. This is identical to what a compliant JSON serializer produces, so the output round-trips losslessly: escape it here, parse it anywhere, and you get your original text back byte for byte.

Related Tools

View all tools →

Base64 Decoder & Encoder

Encoding & Formatting

Decode and encode Base64 online for free. Real-time conversion with full UTF-8 and emoji support. 100% private — runs in your browser. No signup needed.

Base64 to Image Converter

Encoding & Formatting

Decode a Base64 string or data URI back into an image in your browser. Preview, read dimensions & MIME, then download as PNG, JPG, GIF, SVG. No upload.

CSV to JSON Converter

Encoding & Formatting

Convert CSV to JSON in your browser. RFC 4180, type inference, header row, big-int safe. 100% private, no upload.

HTML to Markdown Converter

Encoding & Formatting

Convert HTML to clean Markdown in your browser — GFM tables, task lists, and links. Choose ATX/Setext headings and inline or reference links. Great for migrating web content or feeding LLMs. 100% private, no upload.

Image to Base64 Converter

Encoding & Formatting

Convert images to Base64 data URIs in your browser — PNG, JPG, GIF, WebP, SVG, ICO. Copy HTML, CSS, Markdown & JSON, with the exact size increase. 100% private, no upload.

JSON Diff & Compare

Encoding & Formatting

Compare two JSON files instantly in your browser. Side-by-side highlighting, RFC 6902 JSON Patch output, ignore noisy fields like timestamps and IDs. 100% private, no upload.