JavaScript String Escape


How to use the JavaScript String Escape

Escape a JavaScript string in three steps:

1. Paste your text

   Enter the raw text you want to use as a JavaScript string value.

2. Choose a quote style

   Select double (default for most JS), single (for HTML attribute values), backtick (template literals), or Full Unicode (for ASCII-safe output that escapes all non-ASCII characters).

3. Copy the escaped output

   Copy the escaped string and paste it between your chosen quote characters in your JavaScript code.


When to use this tool

Use this tool when you need to safely embed text inside JavaScript string literals:

  • Escaping user-generated content before embedding it in a JavaScript string to prevent syntax errors or injection
  • Converting multiline text blocks into single-line JavaScript string literals for use in code
  • Escaping file paths with backslashes (C:\Users\name) for use in JavaScript strings
  • Preparing text with special characters for use in JavaScript alert(), console.log(), or string concatenation
  • Converting copied text with smart quotes, em dashes, or other typographic characters into safe ASCII JS strings
  • Generating JavaScript code dynamically in templates or code generators where string values must be properly escaped

Frequently asked questions

Q: Why must backslashes be escaped first in JavaScript strings?
Backslash is the escape character itself in JavaScript, so it must be converted to \\ before any other replacements happen. If you escaped newlines first (newline → \n) and escaped backslashes afterwards, the backslash pass would double-escape the sequences already produced, turning \n into \\n, which decodes to a literal backslash followed by n instead of a newline. The correct order is: backslash → control characters → quote character. This tool handles the ordering automatically; getting it wrong is one of the most common bugs in hand-written string escaping code.
Q: What is the difference between double-quoted and single-quoted escape mode?
In double-quoted mode, only double quotes are escaped (\"); single quotes can appear unescaped. In single-quoted mode, only single quotes are escaped (\'); double quotes can appear unescaped. Choose the mode that matches the quote characters you'll use in your code. Template literal mode (backtick) escapes both the backtick itself and the ${ sequence (which would otherwise start template interpolation). If you're unsure, use double-quoted mode as it's the most common convention in modern JavaScript.
Q: What does Full Unicode mode do differently?
Full Unicode mode escapes all characters outside the printable ASCII range (code points above 127) as \uHHHH or \u{HHHH} sequences, producing output that contains only 7-bit ASCII characters. For example, 'café' becomes 'caf\u00E9'. This is useful when: (1) embedding strings in legacy systems that may not handle UTF-8 correctly; (2) generating JavaScript source code that must be ASCII-safe; (3) embedding in contexts where the file encoding is unclear. Standard modes preserve non-ASCII characters (like accented letters and emoji) as-is, which is correct for UTF-8 encoded JavaScript files.
Q: How is JavaScript string escaping different from JSON escaping?
JavaScript string escaping is a superset of JSON string escaping. JavaScript allows additional escape sequences not valid in JSON: \v (vertical tab), \0 (null), \xHH (hex), single-quote escaping (\'), and octal escapes (\nnn, though deprecated). JSON only requires escaping of \, ", and control characters (U+0000–U+001F) using \uHHHH for those without shorthand sequences. If you're preparing a string for a JSON value (inside { "key": "..." }), use the JSON String Escape tool for strict RFC 8259 compliance. If you're writing JavaScript source code, this tool is appropriate.
Q: Does this tool prevent XSS injection when embedding strings in JavaScript?
This tool escapes characters that would break JavaScript string syntax (like unescaped quotes or newlines), but it is not a complete XSS prevention solution. Escaping JavaScript strings is necessary but not sufficient — you also need to ensure the escaped string is placed in the right context. Never concatenate user input directly into script tags or event handlers even after escaping. For XSS-safe JavaScript data embedding in HTML, use JSON.stringify() on the server side, use a Content Security Policy (CSP), and prefer data attributes or JSON script blocks over inline JavaScript string embedding.
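The ordering rule and the XSS caveat from the answers above, as an added example (not this tool's own code): it shows the wrong-order bug, then shows that a correctly escaped string still contains `</script>` unless the HTML-significant characters are escaped too. All function names and the sample string are constructed for illustration.

```javascript
// Added example; function names and the sample string are constructed.
const NAMED = { '\n': '\\n', '\r': '\\r', '\t': '\\t', '\v': '\\v', '\b': '\\b', '\f': '\\f' };
const toU = (c) => '\\u' + c.charCodeAt(0).toString(16).toUpperCase().padStart(4, '0');

// FAQ order: backslash first, then control characters, then the quote.
// quote is '"' or "'". NUL is written as \u0000 rather than \0, because
// \0 followed by a digit would be read as an octal escape.
function escapeJsString(text, quote = '"') {
  return text
    .replace(/\\/g, '\\\\')
    .replace(/[\u0000-\u001F]/g, (c) => NAMED[c] || toU(c))
    .split(quote).join('\\' + quote);
}

// The ordering bug: newlines are escaped before backslashes, so the
// backslash just written for \n is doubled by the second pass.
function escapeWrongOrder(text) {
  return text.replace(/\n/g, '\\n').replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}

// For a literal inside an inline <script> element: the HTML parser scans for
// the closing tag before any JavaScript is parsed, so <, > and & are also
// written as \uHHHH escapes, which the JavaScript parser decodes back.
function escapeForInlineScript(text) {
  return escapeJsString(text).replace(/[<>&]/g, toU);
}

// Decodes a double-quoted literal. JSON.parse is enough here because every
// escape the sample produces is also valid JSON (\v and \' would not be).
function readLiteral(escaped) {
  return JSON.parse('"' + escaped + '"');
}

// Constructed sample: a Windows path, a newline, quotes and a closing tag.
const sample = 'C:\\Users\\name\nsaid "hi" </script>';

function demo() {
  return {
    correctRoundTrips: readLiteral(escapeJsString(sample)) === sample,
    wrongOrderRoundTrips: readLiteral(escapeWrongOrder(sample)) === sample,
    plainKeepsCloseTag: escapeJsString(sample).includes('</script>'),
    hardenedKeepsCloseTag: escapeForInlineScript(sample).includes('</script>'),
    hardenedRoundTrips: readLiteral(escapeForInlineScript(sample)) === sample,
  };
}
console.log(demo());
```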
Q: What escape sequences does JavaScript support that this tool handles?
This tool handles all standard JavaScript string escape sequences: \n (newline, LF), \r (carriage return, CR), \t (horizontal tab), \v (vertical tab), \b (backspace), \f (form feed), \0 (null character), \\ (backslash), \" (double quote), \' (single quote), \` (backtick), and \${ (template literal interpolation delimiter). Full Unicode mode additionally produces \uHHHH for 4-digit Unicode code points and \u{HHHH} for supplementary plane characters above U+FFFF.