Escapar / Desescapar cadenas
Escapar y desescapar cadenas para HTML, JSON, JavaScript, SQL y más
Siguientes pasos sugeridos
Herramientas Relacionadas
Codificador / Decodificador Base64
Codifica texto a Base64 o decodifica Base64 a texto rapidamente.
Codificador / Decodificador URL
Codifica y decodifica URLs
Codificador / Decodificador de Entidades HTML
Codificar caracteres especiales a entidades HTML o decodificarlos
Convertidor de Base Numérica
Convertir números entre binario, octal, decimal y hexadecimal
Convertidor de Marca de Tiempo
Convertir entre marcas de tiempo Unix y fechas legibles
Búsqueda ASCII / Unicode
Buscar y consultar códigos de caracteres ASCII y Unicode
Cómo Usar
Pega o Escribe
Ingresa tu texto, código o datos en el área de entrada.
Elige las Opciones
Selecciona la transformación o formato que deseas aplicar.
Copia el Resultado
Copia la salida a tu portapapeles con un solo clic.
Por Qué Usar Esta Herramienta
100% Gratis
Sin costos ocultos, sin niveles premium — todas las funciones son gratuitas.
Sin Instalación
Se ejecuta completamente en tu navegador. No necesitas descargar ni instalar nada.
Privado y Seguro
Tus datos nunca salen de tu dispositivo. Nada se sube a ningún servidor.
Funciona en Móvil
Totalmente responsivo — úsalo en tu teléfono, tableta o escritorio.
String Escaping and Unescaping for Multiple Formats
Key Takeaways
- String escaping converts special characters into safe representations for their target format — JSON, XML, HTML, and more each have different rules.
- Improper escaping is a leading cause of injection vulnerabilities, parsing errors, and data corruption in web applications.
- All string processing happens entirely in your browser — your text data is never sent to any server.
Every programming language and data format has characters with special meaning that must be escaped when used as literal text. A backslash in JSON, angle brackets in XML, and quotes in CSV all require different escaping strategies. Understanding escape sequences across formats is essential for building robust applications that handle data safely.
Injection attacks from improper escaping account for over 30% of web application vulnerabilities according to OWASP.
Security Impact
Key Concepts
JSON Escape Sequences
JSON requires escaping backslashes, double quotes, and control characters (\n, \t, \r). Unicode characters can be represented as \uXXXX escape sequences.
XML and HTML Escaping
XML uses entity references (& < > " ') while HTML adds hundreds of named entities. CDATA sections offer an alternative to escaping in XML.
URL Percent-Encoding
URLs encode special characters as %XX hex pairs. This is distinct from other escaping methods and follows RFC 3986 rules for reserved and unreserved characters.
Backslash Escaping in Regex
Regular expressions use backslash to escape metacharacters. When regex is embedded in a JSON string, backslashes must be double-escaped.
Pro Tips
Always use your language's built-in serialization functions (JSON.stringify, encodeURIComponent) rather than manual escaping.
Be aware of double-escaping — when embedding escaped strings inside other escaped formats, each layer adds its own escaping.
Test with edge cases: empty strings, strings containing only special characters, null bytes, and Unicode surrogate pairs.
When debugging, unescape layer by layer — URL decode first, then JSON parse, then examine the raw string.
All string escaping and unescaping is performed entirely in your browser. Your text data, which may contain sensitive content, is never transmitted to any external server.