String Escape / Unescape

Escape or unescape strings for HTML, URLs, JSON, SQL, and regular expressions. Useful for embedding strings in code, sanitising input, or debugging encoded values.

String Escaping Reference

Different contexts require different escaping rules to prevent injection attacks and parsing errors. Embedding user input in HTML without escaping causes XSS. Putting strings into SQL without escaping causes injection. Using a literal string in a regex without escaping causes pattern errors.

When to use each format

HTML entities - inserting untrusted text into HTML templates
URL / percent - encoding query parameter values before appending to URLs
JSON string - embedding a string value inside a JSON document or JS string literal
SQL string - single-quote escaping for SQL string literals (prefer parameterised queries)
Regex literal - escaping a string to match it literally in a regular expression
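
As an added example (not code from this tool), the sketch below escapes one constructed input for each of the five contexts listed above, which shows that output escaped for one context is not safe in another. The function names are hypothetical, and the SQL helper assumes standard quote doubling in a database that does not treat backslash as an escape character.

```javascript
// Added example: one constructed input, escaped for each context.
// All function names are illustrative and are not taken from the tool.

// HTML text / quoted-attribute context: replace the five significant characters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// URL query-parameter value: percent-encode everything outside the unreserved set.
// Note that encodeURIComponent leaves the single quote untouched.
function escapeUrlParam(s) {
  return encodeURIComponent(s);
}

// JSON string literal, including the surrounding double quotes.
// '<' and '&' pass through unchanged, so this is not HTML escaping.
function escapeJson(s) {
  return JSON.stringify(s);
}

// SQL string literal via single-quote doubling.
// Assumption: backslash is not an escape character in this database's literals.
// Parameterised queries avoid the question entirely.
function escapeSqlLiteral(s) {
  return "'" + s.replace(/'/g, "''") + "'";
}

// Regex: backslash-escape metacharacters so the string matches literally.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Constructed sample containing characters that matter in several contexts.
const sample = `O'Reilly <b>&</b> "a.b"?`;

function demo() {
  return {
    html: escapeHtml(sample),
    url: escapeUrlParam(sample),
    json: escapeJson(sample),
    sql: escapeSqlLiteral(sample),
    regex: escapeRegex(sample),
  };
}

console.log(demo());
```

The URL-encoded result still contains a raw `'` and the JSON result still contains raw `<b>`, so neither can stand in for SQL or HTML escaping.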
