JSON Escape / Unescape Tool

What are JSON Escape Characters?

The JSON specification (ECMA-404 / RFC 8259) requires that string values inside a JSON document use double quotes as delimiters. This creates a conflict: if a string value itself contains a double quote, a backslash, or a control character like a newline, the JSON parser will misread it unless those characters are escaped.

Escaping means inserting a backslash (\) before the special character, transforming it into a two-character escape sequence that the parser knows to treat as a literal character rather than as JSON syntax.

For example, this is invalid JSON because the inner quote breaks the string boundary:

{ "message": "He said "hello" to me" }

This is the valid, escaped version:

{ "message": "He said \"hello\" to me" }

JSON Escape Sequences Reference Table

Every escape sequence defined by the JSON specification:

Unicode escapes use the form \uXXXX where XXXX is a four-digit hexadecimal code point. For example, \u00e9 represents the character é, and \u4e2d represents the Chinese character 中. Surrogate pairs (\uD800–\uDFFF) are used to encode characters outside the Basic Multilingual Plane.

When Do You Need JSON Escaping?

JSON escaping is required in several practical situations:

• Multiline strings - If you are building a JSON payload that contains a multi-line text block (for example a user's comment or an error message with newlines), you must replace each line break with \n.
• Paths and file names on Windows - Windows file paths use backslashes: C:\Users\Alice\file.txt. In JSON this must be written as C:\\Users\\Alice\\file.txt.
• Regex patterns in JSON config files - Regex often contains backslashes (\d, \w, etc.) that must be doubled in JSON.
• Storing HTML inside JSON - HTML snippets may contain double quotes (in attribute values). These must be escaped to prevent the JSON parser from breaking.
• SQL queries in JSON payloads - SQL strings often include apostrophes and quotes that need careful escaping before being serialized as JSON strings.

Common Use Cases: Embedding JSON in JSON, SQL, and HTML

Embedding JSON inside a JSON string

This pattern appears frequently in logging, message queues, and API gateways that wrap inner payloads as strings. The inner JSON object must have all its double quotes escaped:

{
  "event": "user_action",
  "payload": "{\"userId\":42,\"action\":\"login\",\"timestamp\":\"2026-03-05T10:00:00Z\"}"
}

JSON strings inside SQL

When building SQL INSERT or UPDATE statements that store JSON in a TEXT/JSONB column, you need to escape the JSON string for the SQL context as well as ensure the JSON itself is valid:

INSERT INTO logs (data) VALUES ('{"user":"alice","action":"login"}');

PostgreSQL's JSONB column accepts valid JSON directly. MySQL requires the string to be properly quoted within the SQL statement. Always use parameterized queries to avoid both SQL injection and escaping issues.

JSON data attributes in HTML

Embedding JSON in HTML data-* attributes requires HTML-encoding the double quotes as ":

<div data-config='{"theme":"dark","lang":"en"}'></div>

<!-- Or with double-quote attributes, HTML-encode: -->
<div data-config="{&quot;theme&quot;:&quot;dark&quot;}"></div>

Using single quotes for the HTML attribute (as in the first example) avoids the need to HTML-encode the inner JSON double quotes, which is the simpler approach when embedding JSON directly in HTML.

JavaScript string literals containing JSON

When writing JSON inside a JavaScript string (rather than a JS object literal), the quotes need escaping:

// Correct: use JSON.stringify instead of manual escaping
const jsonString = JSON.stringify({ user: "alice", active: true });
// Produces: '{"user":"alice","active":true}'

Frequently Asked Questions

Why do I need to escape JSON strings?

JSON strings must be enclosed in double quotes, so any double quote inside the string value must be escaped as \" to prevent the JSON parser from treating it as the end of the string. Similarly, backslashes, newlines, and control characters must be escaped so the JSON remains valid and parseable by any standards-compliant parser.

What characters need to be escaped in JSON?

The JSON specification requires escaping of: double quote (\"), backslash (\\), and control characters including newline (\n), carriage return (\r), horizontal tab (\t), form feed (\f), and backspace (\b). Any Unicode character can also be escaped as \uXXXX using its four-digit hex code point.

What is the difference between escaping and encoding in JSON?

JSON escaping refers to adding backslash sequences inside a JSON string value so special characters are treated as literal text rather than syntax. Encoding often refers to serializing an entire value or object into a JSON string representation (for example JSON.stringify in JavaScript). They solve different problems: escaping makes a string safe inside JSON, while encoding converts a data structure into a JSON-formatted string.

How do I embed JSON inside another JSON string?

To embed JSON as a string value inside another JSON document, you must escape all double quotes with \" and all backslashes with \\. For example, the JSON object {"key":"value"} becomes the string "{\"key\":\"value\"}" when embedded. Our escape tool handles this automatically — paste your inner JSON and it produces the correctly escaped string.