String Escaper

Paste a string, pick a context, get the escaped (or decoded) form. Seven contexts are wired up: JavaScript, JSON, HTML / XML, SQL, POSIX shell, Python repr, and CSS. Live as you type, copy-ready, in your browser — nothing leaves the device.

Direction

HTML encoder mode
0 chars

Quick reference

Each context escapes a different set of characters. The four marked reversible (JS, JSON, HTML, Python) can be decoded back to the original text; the other three (SQL, shell, CSS) are escape-only because a generic decoder cannot distinguish an escaped char from a literal one.

JavaScript

\\ \" \n \r \t \b \f \v \0 \xNN \uXXXX — wraps in double quotes; non-ASCII as \uXXXX; supplementary plane as a surrogate pair.

JSON

\" \\ \/ \n \r \t \b \f \uXXXX — RFC 8259. \0\u0000; U+2028 and U+2029 always escaped.

HTML / XML

Five modes: xml-safe (just the four structural chars), named (the four as names), all (names where known, numeric elsewhere), decimal / hex (always numeric).

SQL

Single-quoted; embedded ' doubled to ''. \n \r \t and \0 escaped with backslash for safety against string-concat injection.

POSIX shell

Wraps the whole string in single quotes. Embedded ' becomes '\'' (close, literal quote, reopen). Handles $, \, ` safely because nothing inside '…' is interpreted.

Python repr

Single-quoted; \n \r \t \b \f \v \0 \\ \' backslash-escaped. Non-printables as \xNN. Decodes \xNN, \uXXXX, \UXXXXXXXX.

CSS

Wraps in the chosen quote (" by default); \ and the quote char are backslash-escaped. Newlines become \A (with the trailing space terminator), tabs \9 , carriage returns \D .