Ttooleras
🔡

JSON Escape/Unescape

Developer Utilities

Escape JSON for embedding in code or unescape JSON strings back to readable format. Free, private — all processing in your browser.

"\"
\\\\\\
newline\\n
tab\\t
Advertisement

The JSON Escape/Unescape tool specifically handles the unique case of JSON-within-JSON or JSON-in-string embedding. When you need to include a JSON document as a string value inside code (JavaScript, SQL, HTML, Java, config files), every quote and backslash must be escaped. Conversely, JSON strings retrieved from databases or nested API responses come escaped — unescape them back to readable JSON. This is different from general String Escape/Unescape (which handles various formats) or URL Encoder/Decoder (URL-specific). This tool focuses specifically on JSON: properly escape inner quotes, backslashes, newlines, and control characters, or reverse the process.

Common scenarios: logging JSON payloads to a text log (need escaping), storing JSON as a string in a database TEXT column (escape it), JWT tokens containing JSON claims (already escaped, need to unescape to read), and embedded JSON in source code (hardcoded JSON strings need escaping). Runs in your browser — your JSON (maybe with secrets) never leaves.

JSON Escape/Unescape — key features

JSON-specific escaping

Applies only RFC 8259 JSON string escape rules — not URL, HTML, or other formats.

Bidirectional

Escape for embedding. Unescape to recover original.

Double-escape detection

Warns if input looks double-escaped — suggests unescaping twice.

Validates JSON after unescape

Unescaped result validated as JSON if it looks like JSON. Error reported if invalid.

Preserves Unicode

Non-ASCII chars preserved or escaped to \uXXXX (configurable).

Copy to clipboard

Result ready for use in code, database INSERT, config file.

Handles large JSON

Multi-megabyte JSON processes in browser.

100% client-side

Your JSON (possibly with tokens, credentials) stays in browser.

How to use the JSON Escape/Unescape

  1. 1

    Paste JSON or escaped string

    Raw JSON to escape, or escaped string to unescape.

  2. 2

    Choose direction

    Escape — raw JSON to escaped string. Unescape — escaped back to raw JSON.

  3. 3

    Configure Unicode handling

    Preserve non-ASCII as-is (modern apps), or escape to \uXXXX (legacy compatibility).

  4. 4

    Copy result

    Escaped string ready to paste into code, or unescaped JSON ready for validation/formatting.

Common use cases for the JSON Escape/Unescape

Code embedding

  • Hardcode JSON in JavaScript: Embed sample JSON as string in JS code — escape first.
  • JSON config in properties file: Java .properties files store strings — JSON embedded needs escape.
  • JSON in shell scripts: Bash scripts with curl requests containing JSON body.
  • Test fixtures: Unit tests embedding JSON as strings — escape for inline definition.

Database operations

  • INSERT JSON into TEXT column: Databases without JSON type — escape JSON for VARCHAR/TEXT.
  • Stored procedure parameters: Pass JSON as string parameter to stored procs.
  • Legacy system integration: Old systems only accept string fields — embed JSON as escaped string.

Logging and debugging

  • Unescape log entries: Logs escape JSON to fit on one line. Unescape to read.
  • Read JWT payloads: JWT decodes to JSON object, not escaped string. Use [JWT Decoder](https://tooleras.com/tools/jwt-decoder).
  • Parse nested webhook data: Webhook payload contains another JSON as string. Unescape to read.
  • Inspect stored JSON: Database stored JSON as TEXT — unescape to see original.

API development

  • Pass JSON as query string: Rare but happens — escape first, URL-encode, attach to URL.
  • Embed JSON in XML CDATA: XML document containing JSON — CDATA wrapping plus escape.
  • GraphQL variables: GraphQL variables are JSON. Sometimes stored as string for templating.

JSON Escape/Unescape — examples

Escape simple JSON

For code embedding.

Input
{"name":"Alice","age":30}
Output
{\"name\":\"Alice\",\"age\":30}

(Every \" is escape for use in code)

Unescape for reading

Back to readable JSON.

Input
{\"users\":[\"Alice\",\"Bob\"]}
Output
{"users":["Alice","Bob"]}

Escape with newlines

Formatted JSON for storage.

Input
{
  "message": "Hello\nWorld"
}
Output
{\n  \"message\": \"Hello\\nWorld\"\n}

Double-escaped

Accidentally escaped twice.

Input
{\\\"name\\\":\\\"Alice\\\"}
Output
Unescape once: {\"name\":\"Alice\"}
Unescape twice: {"name":"Alice"}

(Tool warns when double-escape detected)

Unicode handling

Non-ASCII preserved or escaped.

Input
{"message": "Hello 世界"}
Output
Preserved: {"message":"Hello 世界"}
Unicode-escaped: {"message":"Hello \u4E16\u754C"}

In JavaScript source

Hardcode JSON as string.

Input
const config = "{...escaped JSON...}";
Output
const config = "{\"apiUrl\":\"https://api.x.com\",\"timeout\":5000}";

(Use JSON.parse(config) to restore object)

Technical details

JSON escape rules (RFC 8259 §7):

Characters that must be escaped in JSON string values:

| Character | Escape | Unicode |
|---|---|---|
| Double quote | \\" | U+0022 |
| Backslash | \\\\ | U+005C |
| Forward slash | \\/ (optional) | U+002F |
| Backspace | \\b | U+0008 |
| Form feed | \\f | U+000C |
| Newline | \\n | U+000A |
| Carriage return | \\r | U+000D |
| Tab | \\t | U+0009 |
| Control chars U+0000 to U+001F | \\uXXXX | |

JSON-in-JSON:

When one JSON contains another as a string:

Inner JSON:
``json
{"name": "Alice", "age": 30}
``

Escaped for embedding:
``
{\"name\": \"Alice\", \"age\": 30}
``

Outer JSON containing escaped inner:
``json
{
"payload": "{\"name\": \"Alice\", \"age\": 30}",
"signature": "..."
}
``

When parsing payload, JSON.parse gives you the string {"name": "Alice", "age": 30}. Parse THAT with JSON.parse to get the object. Double-parsing.

Common sources of escaped JSON:

JWT payload (Base64URL encoded JSON):
``
eyJuYW1lIjoiQWxpY2UiLCJhZ2UiOjMwfQ
`
Base64-decode to get {"name":"Alice","age":30}` — that is JSON, not escaped string.

Log files with JSON as message:
``
2026-05-05 ERROR [worker-1]: Payload received: {\\"id\\":42,\\"error\\":\\"timeout\\"}
``
Log escapes JSON to fit on one line. Unescape to read.

Database-stored JSON in TEXT column:
``sql
INSERT INTO logs (payload) VALUES ('{"user":"Alice"}')
``
If stored in TEXT (not JSONB), may be escaped when retrieved via some drivers.

Webhook payload in URL parameter:
``
?payload=%7B%22user%22%3A%22Alice%22%7D
``
URL-encoded (not JSON-escaped — different). Use URL Encoder/Decoder for URL.

Escape in programming languages:

JavaScript:
``javascript
const jsonString = JSON.stringify(obj); // Produces JSON text
const escaped = JSON.stringify(jsonString); // Escapes for embedding
``

Python:
``python
import json
json_str = json.dumps(obj)
escaped = json.dumps(json_str) # Double encode
``

Java:
``java
ObjectMapper mapper = new ObjectMapper();
String jsonStr = mapper.writeValueAsString(obj);
String escaped = mapper.writeValueAsString(jsonStr);
``

Common pitfalls:

- Triple-encoded JSON: accidentally escaped multiple times. Each layer adds backslashes. Unescape repeatedly to reveal original.
- Mixed escape rules: JSON escape vs URL encode vs shell escape. Use the right one.
- Control characters in source: real newlines in JSON source must be \\n (escaped). Paste with real newlines fails.

Validation:

Escape: always works on any string.
Unescape: requires valid JSON-escape syntax. Reports errors like unknown escape sequences or unterminated strings.

When to use this tool vs others:

- JSON in a JSON value: this tool.
- HTML entity encoding: HTML Entity Encoder/Decoder.
- URL encoding: URL Encoder/Decoder.
- Base64 (for binary in JSON): Base64 Encoder.
- Multi-format string escape: String Escape/Unescape.

Common problems and solutions

Double-escaped JSON

Accidentally escaped multiple times: {"name":"Alice"} becomes {\\\"name\\\":\\\"Alice\\\"}. Unescape multiple times to restore. Tool detects and warns.

Mixing JSON escape with URL/HTML encode

Different encodings for different contexts. Do not mix. For URLs, use URL encoder. For HTML, HTML entity encoder. For JSON-in-JSON, this tool.

Real newlines in JSON

JSON strings cannot contain literal newline chars — must be \\n escape. Pasting formatted JSON with real newlines fails. Either escape first, or use multiline JSON extension.

Preserving types

Escape/unescape preserves JSON structure. Types (string, number, boolean) preserved. Only string values are affected by escape.

Invalid escape sequences

Unescaping fails on invalid sequences like \\z (not a valid JSON escape). Only \\\", \\\\, \\/, \\b, \\f, \\n, \\r, \\t, \\uXXXX allowed.

Unicode surrogate pairs

Emoji and some Unicode chars are surrogate pairs (two \\uXXXX). Properly handled. Malformed pairs cause errors.

Forward slash escape is optional

\\/ is valid but not required. Some frameworks generate it (PHP json_encode by default). Both forms parse identically.

BOM in output

Some editors insert Byte Order Mark (U+FEFF). Technically a character in JSON, causes issues for some parsers. Strip BOM before embedding.

JSON Escape/Unescape — comparisons and alternatives

JSON Escape vs String Escape: This tool specifically for JSON within JSON/string. General String Escape/Unescape handles multiple formats (HTML, JS, SQL, etc.).

JSON Escape vs URL Encoding: Different purposes. JSON escape for string contents inside JSON. URL encoding for putting data in URLs (%20 for space). Use correct one for your context.

JSON Escape vs Base64: Base64 for binary-to-text (images, files in JSON). JSON escape for text-in-JSON. Different purposes; often combined (binary → Base64 string → escape as JSON value).

JSON Escape vs JSON Minification: Minification removes whitespace from JSON. Escape prepares JSON for embedding as string. Different operations; JSON can be both minified AND escaped (minify first, then escape).

Double-escaped issue: Common mistake — escape, then escape again accidentally. Each escape doubles backslashes. Unescape repeatedly to fix.

JSON.stringify twice vs JSON.stringify once: In JavaScript, JSON.stringify(obj) produces JSON. JSON.stringify(JSON.stringify(obj)) produces JSON string of that JSON — escaped string. Rarely what you want.

Frequently asked questions about the JSON Escape/Unescape

What is JSON escaping?

Preparing JSON text to be used as a string value inside code or another format. Characters like double quotes, backslashes, and newlines need to be escaped so the outer parser does not misinterpret them. For example, to put JSON inside a JavaScript string variable.

When do I need to escape JSON?

When embedding JSON as a string inside: (1) Source code (JavaScript, Python, Java strings). (2) Databases without native JSON types (stored as TEXT). (3) Log files (JSON as log message text). (4) Config files that are not JSON themselves (JSON as property value in .properties file).

Is my JSON safe here?

Yes. Processing in your browser. JSON never uploads. Safe for JSON containing tokens, credentials, user data.

What is double escaping?

Accidentally escaping the same string twice. First escape: quotes become \\\". Second escape: backslashes become \\\\, so \\\" becomes \\\\\\\". Causes mystery bugs. Tool detects potential double-escape.

Why would JSON have literal newlines?

Sometimes JSON-as-text is pretty-printed with real newlines between properties. Pretty-printed JSON is valid JSON text. When you want to embed it as a string, newlines must be escaped (\\n). Tool handles this automatically.

Should I use forward slash escape?

Optional. \\/ is valid JSON but unnecessary. Most modern tools do not generate it. Some (PHP json_encode by default) do. Both forms parse to same result.

How does Unicode work?

JSON supports Unicode. Two options: (1) Preserve as-is — modern approach, JSON stored as UTF-8 with native chars. (2) Escape to \\uXXXX — legacy, ASCII-only output. Tool offers both.

Can I escape formatted (pretty) JSON?

Yes. Pretty-printed JSON with indentation and newlines can be escaped. All whitespace preserved as escape sequences (\\n, spaces). Unescape restores original.

What about binary data in JSON?

JSON has no binary type. Encode binary as Base64 first (use our Base64 Encoder), then include the Base64 string in JSON. Escape JSON if embedding whole structure.

How is this different from URL encoding?

Completely different encodings. JSON escape uses backslash sequences (\\", \\\\). URL encoding uses percent-encoded bytes (%20). Different purposes — JSON for string-in-JSON, URL for data-in-URL. Do not mix.

Additional resources

Advertisement

Related tools

All Developer Utilities
🔄

Base64 Encoder/Decoder

Encode and decode Base64 strings, files, and images instantly

🏷️

HTML Entity Encoder/Decoder

Encode special characters to HTML entities (&, <, ", ©) or decode entities back to their literal characters.

{}

JSON Formatter

Format, validate, and beautify JSON instantly in your browser

📦

JSON Minifier

Compact JSON by removing whitespace — reduce file size by up to 80%

📊

JSON to CSV

Flatten nested JSON into CSV rows — ready for Excel, Google Sheets, analysis

🔀

JSON to YAML Converter

Convert JSON to YAML or YAML to JSON — preserves structure, nested objects

Learn more

Next.js App Router: A Complete Beginner Tutorial

26 min read

How to Decode a JWT: A Practical Debugging Guide (with the Base64URL Gotcha Nobody Warns You About)

17 min read

The canonical tag is a hint, not a promise

22 min read

Explore more tools

200+ free tools that run in your browser.

Browse all tools →