JSON Escape / Unescape Online — Free, Browser-Based, No Signup
- Paste JSON to escape it into a string, or paste an escaped string to get readable JSON back.
- Handles quotes, backslashes, newlines, tabs, control characters, and unicode escapes.
- Runs in your browser. Nothing is uploaded, logged, or sent anywhere.
Table of Contents
Escaping JSON means turning a JSON value into a string that can safely sit inside another JSON string, a SQL query, a shell argument, or a config file. Unescaping is the reverse — taking that escaped string and getting the original JSON back. Our free tool does both in one paste, with no signup and no file upload.
The two operations are simple individually. The headache is doing them by hand for anything longer than a one-liner — every double quote needs a backslash, every backslash itself needs a backslash, and a single missed character breaks the whole thing.
Escape JSON in One Paste
Open the tool, switch to the Escape tab, and paste your JSON on the left. The escaped string appears on the right immediately.
Input:
{"name": "Alex", "quote": "She said \"hi\""}
Escaped output (ready to paste inside another string):
"{\"name\": \"Alex\", \"quote\": \"She said \\\"hi\\\"\"}"
That's what the same JSON looks like if you wanted to embed it inside another JSON property, a database column, or a shell argument. The outer quotes are added; every inner quote and backslash gets its own escape.
Unescape JSON Back to Readable Format
Switch to the Unescape tab and paste an escaped JSON string. The tool parses it and shows the original JSON — properly indented and ready to read.
Input:
"{\"name\":\"Alex\",\"roles\":[\"admin\",\"editor\"]}"
Output:
{
"name": "Alex",
"roles": ["admin", "editor"]
}
Common cases where you'll need this: log files where JSON was logged as a string, database columns storing JSON-as-text, API responses that wrap a JSON payload inside a string field, or any situation where someone called JSON.stringify twice when they meant once.
What Actually Gets Escaped (and Why)
JSON has a fixed list of characters that must be escaped inside a string. Knowing the list helps you debug escape errors:
| Character | Escape | Why |
|---|---|---|
Double quote (") | \" | Otherwise terminates the string |
Backslash (\) | \\ | Otherwise starts an escape sequence |
Forward slash (/) | \/ (optional) | Allowed but not required by JSON spec |
| Backspace | \b | Control character, must be escaped |
| Form feed | \f | Control character |
| Newline (LF) | \n | Strings can't contain raw newlines |
| Carriage return (CR) | \r | Strings can't contain raw returns |
| Tab | \t | Strings can't contain raw tabs |
| Any character below U+0020 | \u00XX | Control characters need unicode escape |
Three things that don't need escaping but often do in practice: single quotes (JSON allows them raw inside strings — but if your outer container is a single-quoted shell or SQL string, you'll need to escape them at that layer), unicode characters above U+007F (allowed raw, but some embedded contexts require \u escapes), and the forward slash (allowed raw, but escaped for safety in HTML embedding).
Why Local Processing Matters Here
Strings you escape are often sensitive. Connection strings with passwords, API tokens, customer records, log lines that include user data — all common things to escape so they survive a roundtrip through some other system.
Every escape operation in our tool runs in your browser. There's no upload step, no log file on a server, no third party that ever sees your input. Open DevTools' Network tab and watch — pasting and clicking escape generates zero outgoing requests.
If you want to be paranoid, the tool keeps working after you disconnect from the internet. Once the page is loaded, it's all local JavaScript.
Common Workflows This Tool Solves
The cases that drive most usage:
- Embedding JSON inside another JSON field. Logging structured data, storing config blobs in database columns, sending JSON inside a webhook payload that wraps it as a string.
- Pasting JSON into a shell command. Curl with a JSON body, jq filters, k8s manifests with embedded JSON. Each shell layer needs its own escape.
- Reading escaped JSON from logs. Your log line shows
{"user_id":"42","event":"..."}— paste it into Unescape and get back the readable original. - Debugging double-stringified JSON. When code calls
JSON.stringifyon something that was already a JSON string, you end up with escape sequences inside escape sequences. Unescape twice and you get back to the original.
For each case the workflow is the same: paste, click, copy. Two tabs cover both directions.
Escape or Unescape JSON Now
Free, no signup, runs in your browser. Two tabs — pick a direction and paste.
Open Free JSON Escape / Unescape ToolFrequently Asked Questions
What is the difference between escaping and encoding JSON?
Escaping protects characters that have special meaning inside a JSON string (quotes, backslashes). Encoding usually means converting to a different format entirely (Base64, URL-encoded). They are different operations.
Does the tool upload my data anywhere?
No. All escaping and unescaping happens in JavaScript inside your browser tab. You can verify in DevTools Network tab — zero requests during conversion.
Can I escape JSON for use in a SQL query?
Yes — escape the JSON first, then handle SQL-specific quoting at the SQL layer. Different databases have different quoting rules; the JSON escape part is what this tool handles.
Why does my unescape produce garbage?
Usually means the input was not actually escaped JSON. Check that the input starts and ends with a quote and that internal quotes have backslash escapes.
