Free2BoxFree2Box

字符串转义 / 还原

为 HTML、JSON、JavaScript、SQL 等格式转义和还原字符串

输入
Enter text to escape
输出
结果将显示在此...

建议下一步

1

正则表达式测试

测试和调试正则表达式

相关工具

Base64 编解码工具

快速将文字编码为 Base64 格式,或将 Base64 解码回原始文字。

URL 编解码

URL 编码和解码

HTML 实体编码 / 解码

将特殊字符编码为 HTML 实体或将其解码还原

进制转换器

在二进制、八进制、十进制和十六进制之间转换

时间戳转换器

在 Unix 时间戳和可读日期之间转换

ASCII / Unicode 查询

搜索和查询 ASCII 与 Unicode 字符码

使用方法

1

粘贴或输入内容

在输入区域输入您的文字、代码或数据。

2

选择选项

选取要应用的转换方式或格式。

3

复制结果

一键将输出结果复制到剪贴板。

为什么使用此工具

100% 免费

没有隐藏费用,没有付费等级——所有功能完全免费。

无需安装

完全在浏览器中运行。无需下载或安装任何软件。

隐私且安全

您的数据永远不会离开您的设备。不会上传至任何服务器。

支持移动设备

完全响应式设计——在手机、平板或桌面电脑上均可使用。

String Escaping and Unescaping for Multiple Formats

Key Takeaways

  • String escaping converts special characters into safe representations for their target format — JSON, XML, HTML, and more each have different rules.
  • Improper escaping is a leading cause of injection vulnerabilities, parsing errors, and data corruption in web applications.
  • All string processing happens entirely in your browser — your text data is never sent to any server.

Every programming language and data format has characters with special meaning that must be escaped when used as literal text. A backslash in JSON, angle brackets in XML, and quotes in CSV all require different escaping strategies. Understanding escape sequences across formats is essential for building robust applications that handle data safely.

Injection attacks from improper escaping account for over 30% of web application vulnerabilities according to OWASP.

Security Impact

Key Concepts

1

JSON Escape Sequences

JSON requires escaping backslashes, double quotes, and control characters (\n, \t, \r). Unicode characters can be represented as \uXXXX escape sequences.

2

XML and HTML Escaping

XML uses entity references (& < > " ') while HTML adds hundreds of named entities. CDATA sections offer an alternative to escaping in XML.

3

URL Percent-Encoding

URLs encode special characters as %XX hex pairs. This is distinct from other escaping methods and follows RFC 3986 rules for reserved and unreserved characters.

4

Backslash Escaping in Regex

Regular expressions use backslash to escape metacharacters. When regex is embedded in a JSON string, backslashes must be double-escaped.

Pro Tips

Always use your language's built-in serialization functions (JSON.stringify, encodeURIComponent) rather than manual escaping.

Be aware of double-escaping — when embedding escaped strings inside other escaped formats, each layer adds its own escaping.

Test with edge cases: empty strings, strings containing only special characters, null bytes, and Unicode surrogate pairs.

When debugging, unescape layer by layer — URL decode first, then JSON parse, then examine the raw string.

All string escaping and unescaping is performed entirely in your browser. Your text data, which may contain sensitive content, is never transmitted to any external server.

Sources

常见问题