Escape / Unescape de String
Escapar e desescapar strings para HTML, JSON, JavaScript, SQL e mais
Proximos passos sugeridos
Ferramentas Relacionadas
Codificador / Decodificador Base64
Codifique texto para Base64 ou decodifique Base64 de volta para texto rapidamente.
Codificador / Decodificador de URL
Codifique e decodifique URLs
Codificador / Decodificador de Entidades HTML
Codifique caracteres especiais em entidades HTML ou decodifique-os de volta
Conversor de Base Numérica
Converter números entre binário, octal, decimal e hexadecimal
Conversor de Timestamp
Converter entre timestamps Unix e datas legíveis
Consulta ASCII / Unicode
Pesquisar e consultar códigos de caracteres ASCII e Unicode
Como Usar
Cole ou Digite
Insira seu texto, código ou dados na área de entrada.
Escolha as Opções
Selecione a transformação ou formato que deseja aplicar.
Copie o Resultado
Copie a saída para sua área de transferência com um clique.
Por Que Usar Esta Ferramenta
100% Gratuito
Sem custos ocultos, sem planos premium — todos os recursos são gratuitos.
Sem Instalação
Funciona inteiramente no seu navegador. Nenhum software para baixar ou instalar.
Privado e Seguro
Seus dados nunca saem do seu dispositivo. Nada é enviado a nenhum servidor.
Funciona no Celular
Totalmente responsivo — use no seu celular, tablet ou desktop.
String Escaping and Unescaping for Multiple Formats
Key Takeaways
- String escaping converts special characters into safe representations for their target format — JSON, XML, HTML, and more each have different rules.
- Improper escaping is a leading cause of injection vulnerabilities, parsing errors, and data corruption in web applications.
- All string processing happens entirely in your browser — your text data is never sent to any server.
Every programming language and data format has characters with special meaning that must be escaped when used as literal text. A backslash in JSON, angle brackets in XML, and quotes in CSV all require different escaping strategies. Understanding escape sequences across formats is essential for building robust applications that handle data safely.
Injection attacks from improper escaping account for over 30% of web application vulnerabilities according to OWASP.
Security Impact
Key Concepts
JSON Escape Sequences
JSON requires escaping backslashes, double quotes, and control characters (\n, \t, \r). Unicode characters can be represented as \uXXXX escape sequences.
XML and HTML Escaping
XML uses entity references (& < > " ') while HTML adds hundreds of named entities. CDATA sections offer an alternative to escaping in XML.
URL Percent-Encoding
URLs encode special characters as %XX hex pairs. This is distinct from other escaping methods and follows RFC 3986 rules for reserved and unreserved characters.
Backslash Escaping in Regex
Regular expressions use backslash to escape metacharacters. When regex is embedded in a JSON string, backslashes must be double-escaped.
Pro Tips
Always use your language's built-in serialization functions (JSON.stringify, encodeURIComponent) rather than manual escaping.
Be aware of double-escaping — when embedding escaped strings inside other escaped formats, each layer adds its own escaping.
Test with edge cases: empty strings, strings containing only special characters, null bytes, and Unicode surrogate pairs.
When debugging, unescape layer by layer — URL decode first, then JSON parse, then examine the raw string.
All string escaping and unescaping is performed entirely in your browser. Your text data, which may contain sensitive content, is never transmitted to any external server.