Last updated
Escaping Quick Reference
- HTML — escape
< > & " 'to prevent XSS - URL — use
encodeURIComponent()for query parameters - JSON — escape
" \ /and control characters - SQL — use parameterized queries (don't rely on escaping alone)
- Regex — escape
. * + ? ^ $ { } ( ) | [ ] \for literal matches - JavaScript strings — escape
" ' \ \n \t
Use TechConverter's Escape/Unescape Tool to instantly escape or unescape strings for any context — all processing happens in your browser with no data sent to any server.
Examples
Example 1: JavaScript String Escaping
Input: She said "Hello, world!" and it's great.
Output: She said \"Hello, world!\" and it\'s great.
// Special characters escaped:
\n → newline
\t → tab
\\ → backslash
\" → double quote
\' → single quote
\r → carriage return
\0 → null character
Example 2: JSON Escaping
Input: {"message": "Line 1
Line 2 tabbed"}
Escaped JSON string value:
"Line 1\nLine 2\ttabbed"
// JSON requires these escapes:
\" → double quote
\\ → backslash
\/ → forward slash (optional)
\n → newline
\r → carriage return
\t → tab
\b → backspace
\f → form feed
\uXXXX → Unicode character
Example 3: HTML Escaping (XSS Prevention)
Input (user-submitted content):
HTML-escaped output (safe to render):
<script>alert('XSS attack!')</script>
// HTML escape mappings:
& → &
< → <
> → >
" → "
' → '
// Always escape user input before inserting into HTML!