Loading...
Loading...
We use cookies to enhance your experience, analyze site usage, and serve personalized content. By clicking "Accept All," you consent to our use of cookies. See our Cookie Policy and Privacy Policy for details.
Escape and unescape strings for JavaScript, JSON, HTML, URL, and more
Escapes and unescapes strings across 7 modes: JavaScript, JSON, HTML, URL, SQL (single quote), SQL (double quote), and CSV. Provides three character targeting options (all special chars, only quotes, only backslashes). Includes a character map display showing each character's transformation side-by-side and real-time input vs output length preview.
Injection attacks (XSS, SQL injection, CSV injection) are often caused by improper string escaping. A dedicated tool covering multiple contexts helps developers understand and apply correct escaping for their specific use case.
Web developers sanitizing user input, security engineers auditing code for injection vulnerabilities, QA testers crafting injection test cases, and anyone debugging encoding issues in data pipelines.
Paste your input string into the text area
Select escape/unescape mode from 7 options: JavaScript, JSON, HTML, URL, SQL (single/double quote), CSV
Choose character targeting: 'All Special Characters', 'Only Quotes', or 'Only Backslashes'
Click 'Escape' or 'Unescape' — result appears with size comparison
Open 'Character Map' panel for a table showing each character's escaped counterpart
Copy result to clipboard or use 'Swap' for iterative escaping/unescaping
Input: 'Hello "World" & <test>' | HTML | Escape => Output: 'Hello "World" & <test>'Input: 'Hello%20World%21' | URL | Unescape => Output: 'Hello World!'JSON also escapes slash (/) and uses strict double quotes. JS mode allows both quote types.
Yes, with correct context matching. But sanitization libraries are recommended for comprehensive XSS prevention.
When a cell starts with =, +, -, or @, interpreted as formulas. CSV escape prevents this.
Escapes double quotes by doubling them. For identifier quoting (table/column names) in double quotes.
Encode and decode Base64 strings online free
Encode and decode URLs and URL components online free
Convert images to Base64 encoded strings for embedding in HTML/CSS
Encode and decode HTML entities for web development
Dive deeper with our comprehensive guides and tutorials.