String Escaper & Unescaper
Escape strings for JS, JSON, HTML, SQL, shell or regex — and reverse.
Six escaping schemes in one tool. Pick a target — JavaScript string, JSON string, HTML, SQL literal, shell single-quote or regex literal — and toggle escape vs unescape. Useful when wrangling embedded strings across different layers of a stack.
Common use cases
- Embed a string with quotes safely into a JS source file
- Escape user input for a SQL string literal during quick debugging
- Generate the regex-safe form of a literal string to use in a pattern
- Quote arbitrary data for a shell command without command-injection
Frequently asked questions
Why is shell escape always wrapping in single quotes?▾
Single-quoted shell strings are the safest way to pass arbitrary text — nothing inside is interpreted, except a literal ' which we encode as the 4-char sequence '\''.
Does SQL escaping prevent injection?▾
It only escapes the apostrophe. For real safety, use parameterised queries — escaping is a fallback for ad-hoc tooling.
Is HTML escaping XSS-safe?▾
It covers &, <, >, " and '. Sufficient for inserting text into HTML or attributes; it doesn't sanitise URL contexts (use the URL Encoder for those).
Related tools
{}
JSON Formatter & Validator
Beautify, validate and minify JSON instantly in your browser.
↔
JSON ↔ CSV Converter
Convert JSON arrays to CSV and CSV back to JSON.
B64
Base64 Encoder & Decoder
Encode and decode Base64 strings, including UTF-8 and binary.
%
URL Encoder & Decoder
Percent-encode and decode URL components safely.