would close the script). For non-HTML contexts, leaving / unescaped is correct."}},{"@type":"Question","name":"Why is the backslash escaped first?","acceptedAnswer":{"@type":"Answer","text":"If quote escaping ran first, the new \\\" would itself contain a backslash that the next pass would re-escape into \\\\\". Doubling backslashes first guarantees no character is double-encoded — the same ordering that JSON, Java, and .NET escape tools use."}},{"@type":"Question","name":"Does it support the new \\u{...} unicode escape?","acceptedAnswer":{"@type":"Answer","text":"No — it passes Unicode characters through unchanged, which is correct for JavaScript files served as UTF-8 (the modern default). If you need ASCII-only source for legacy targets, use \\u{NNNNN} for code points above 0xFFFF and \\uNNNN for BMP characters. JS source files in 2024+ rarely need that."}},{"@type":"Question","name":"Is the output safe inside a sequence inside a JS string still terminates the surrounding HTML script tag — a classic XSS vector. To be safe inside an inline script, additionally replace < with \\x3C (or escape the / in

JavaScript Escape Online — Escape JS Strings

Escape \, ', ", \n, \r, \t for JavaScript string literals — safe in both single- and double-quoted contexts. Browser-only.

Raw Input

JS String Literal Output

What is JavaScript String Escaping?

JavaScript string escaping converts a raw string into a form that can sit between either single or double quotes inside a JS source file without breaking the parser. Backslashes are doubled, both quote types are prefixed with backslash, and the common control characters (\n, \r, \t, \0) become their two-character escape sequences.

JavaScript treats single- and double-quoted strings identically, so escaping both quote types makes the output portable between either delimiter. Template literals (backtick) have additional rules — backtick and $${ need escaping there. The OpenFormatter JS escape tool runs entirely in your browser — paste, click, copy.

How to escape JavaScript strings — 4 steps

Paste raw text. Drop your unescaped string into the Input panel — quotes, multi-line content, paths, regex patterns are all fine.
Click Escape. Backslashes are doubled first, then both quote types and control characters become their backslash sequences.
Verify. Every \ shows as \\, both ' and " are escaped, and newlines collapse to \n.
Paste into JS or TS. Wrap the output in either quote type and drop into your code, test fixture, or constant declaration.

Sample input and output

Raw input

It's a "test" line
With a backslash: \ and a tab	end

JS string literal

It\'s a \"test\" line\nWith a backslash: \\ and a tab\tend

Quote-Agnostic

Escapes both single and double quotes so the output drops into either delimiter without modification — useful with code generators that pick a quote style at output time.

Backslash-First

Doubles backslashes before any other replacement so the new backslashes from quote/control escapes are not re-encoded.

Browser-Only

Source code, secrets, and PII never leave your browser — the transformation is pure JavaScript on your machine.

Common use cases

check_circleEmbedding user-provided text into a JavaScript string constant
check_circlePreparing regex patterns and fixture data for unit tests
check_circleGenerating JS code from a code-generation step that emits string literals
check_circleEncoding multi-line SQL or GraphQL queries as single-line JS strings
check_circleStoring escaped HTML or XML templates as JS const exports
check_circleEmbedding ESLint, Prettier, or PostCSS plugin fixture strings
check_circleCreating safe inline JS snippets for analytics tags and pixels
check_circleGenerating TypeScript declaration string literal types from raw values

JS escape vs JSON escape vs HTML escape

All three convert special characters, but each targets a different parser. JS escape handles both quote types and the JS-specific control set. JSON escape is stricter (RFC 8259) — only double-quoted, and forbids unescaped control characters below 0x20. HTML escape targets the HTML parser by encoding <, >, &, ", and ' as entities. Pasting JS-escaped text into HTML still leaves <script> as literal HTML — a classic XSS bug. Use the right pass for each output context.

Need to reverse the operation?

Decode existing JS escape sequences with JavaScript Unescape, or use one of the other escape tools for different parsers.

JavaScript Unescape JSON Escape HTML Escape

Frequently Asked Questions

Single vs double quotes — which is the default?

JavaScript treats single-quoted ('...') and double-quoted ("...") strings identically — both interpret backslash sequences. The only difference is which delimiter you must escape: \' inside single-quoted, \" inside double-quoted. The tool escapes both so the output is safe in either context. Style guides like Airbnb and StandardJS prefer single quotes; Prettier defaults to double quotes — pick one and stick with it.

Does it produce template-literal-safe output?

Not directly. Template literals (backtick `...`) require escaping the backtick (\`) and the dollar-brace sequence (${). The output of this tool is safe for traditional quoted strings; for template literals you would additionally escape any literal backtick or ${ sequences. Most code generators avoid template literals as output targets for that reason.

Should I escape forward slashes?

No — JavaScript string literals do not require escaping the forward slash. The only place / has meaning is at the boundary of a regex literal. Some teams escape \/ inside strings purely so the literal can be safely embedded in an HTML <script> tag (where </script> would close the script). For non-HTML contexts, leaving / unescaped is correct.

Why is the backslash escaped first?

If quote escaping ran first, the new \" would itself contain a backslash that the next pass would re-escape into \\". Doubling backslashes first guarantees no character is double-encoded — the same ordering that JSON, Java, and .NET escape tools use.

Does it support the new \u{...} unicode escape?

No — it passes Unicode characters through unchanged, which is correct for JavaScript files served as UTF-8 (the modern default). If you need ASCII-only source for legacy targets, use \u{NNNNN} for code points above 0xFFFF and \uNNNN for BMP characters. JS source files in 2024+ rarely need that.

Is the output safe inside a <script> tag in HTML?

Almost. The five string-literal escapes are correct, but a literal </script> sequence inside a JS string still terminates the surrounding HTML script tag — a classic XSS vector. To be safe inside an inline script, additionally replace < with \x3C (or escape the / in </). For external .js files served with the right MIME type, this is not an issue.

How does it compare with JSON.stringify?

JSON.stringify wraps the output in double quotes and additionally escapes all control characters below U+0020 as \u00xx, plus surrogate pairs and the line separator (U+2028 / U+2029). It produces strict JSON, not arbitrary JS. This tool produces JS-flavoured output — safe for either single or double quotes — and trusts the surrounding context for control-character handling.

Is the input sent to a server?

No. The escape transformation runs entirely in JavaScript inside your browser. JS source often contains config tokens, secrets, or proprietary algorithms — none of it leaves your device. Verify in DevTools Network tab.