Which characters must be escaped in a JSON string?

The JSON spec requires escaping the double quote and the backslash, plus all control characters below U+0020. Common controls have short escapes such as backslash-n for newline and backslash-t for tab; the rest become a six-character \uXXXX sequence.

Does it escape the forward slash?

JSON allows the forward slash to be escaped as backslash-slash but does not require it. This tool leaves it unescaped by default for readability, which is valid JSON. The optional toggle escapes it when you need to avoid the closing tag sequence inside embedded HTML.

Will it produce the surrounding quotes?

By default it outputs just the escaped string body so you can paste it between your own quotes. Toggle the wrap option to get the value fully wrapped in double quotes, ready to drop in as a complete JSON value.

How are characters above the BMP handled?

Characters above U+FFFF such as emoji are left as their literal UTF-8 characters, which is valid JSON. If you require pure ASCII output, the escaper can emit surrogate-pair \uXXXX\uXXXX sequences when the ASCII-safe option is on.

Is unescape strict about invalid escapes?

Unescape follows JSON rules: it recognises the known short escapes and \uXXXX, and reports an error on an invalid escape such as a lone backslash or a malformed \u sequence, rather than guessing what you meant.

JSON String Escaper/Unescaper

When you embed arbitrary text inside a JSON string, certain characters must be escaped or the JSON becomes invalid. This tool escapes text into a spec-correct JSON string body and unescapes it back, so you can move data in and out cleanly.

How it works

Escaping applies the JSON string rules in order. The backslash and double quote get short escapes, the common control characters get their named escapes, and any other control character becomes a \uXXXX sequence:

\  -> \\        "  -> \"
newline -> \n   tab -> \t   carriage return -> \r
backspace -> \b  form feed -> \f
other controls (< U+0020) -> \u00XX

Unescaping reverses this: it reads each backslash sequence, expands the known escapes and \uXXXX references, and rejects malformed escapes with an error.

Tips and notes

The backslash must be escaped before the quote, or you would double-escape an already-escaped quote. The forward slash never needs escaping in JSON, so it is left alone by default; turn on slash-escaping only when embedding JSON inside an HTML script tag, where </ could otherwise close the tag early. For pure-ASCII output across systems with shaky encoding, enable the ASCII-safe option to emit every non-ASCII character as \uXXXX.