Certain characters like &, =, ?, and spaces are reserved in URLs and must be percent-encoded (%26, %3D, %3F, %20) to be safely included in query parameters.

String Escape / Unescape — How to Use

What is String Escape / Unescape?

String escaping converts special characters into safe encoded equivalents for a specific context. For example, < must be written as < inside HTML, or a space must be written as %20 inside a URL query string. The reverse — unescape — converts these codes back to human-readable characters.

This tool supports seven formats in a single place: HTML, URL, JavaScript, Unicode, Base64, CSV and RegExp. Switch between Escape and Unescape modes with a click.

How to Use It

Open the tool

Go to Text & Strings and scroll to the String Escape / Unescape section.

Select a format

Click the format tab you need: HTML, URL, JavaScript, Unicode, Base64, CSV or RegExp.

Choose mode

Select Escape to encode special characters, or Unescape to decode them back.

Paste and copy

Paste your input text and copy the result — the conversion is instant.

Format Reference

Format	Example	When to use
HTML	`<div>`	Displaying code or user input inside HTML
URL	`hello%20world`	Query string values, URL parameters
JavaScript	`\u0022hello\u0022`	Strings inside JS source code
Unicode	`\u0041`	Source code with non-ASCII characters
Base64	`aGVsbG8=`	Simple encoding for plain text
CSV	`"value,with,commas"`	Values containing commas or quotes
RegExp	`hello\.world`	Escaping regex special characters

Pro Tips

💡Always escape user-provided content before inserting it into HTML to prevent Cross-Site Scripting (XSS). The minimum characters to escape are &, <, >, " and '.

💡For URL encoding, only encode the value part of a query parameter, not the entire URL — e.g. encode the value in ?q=[value], not the ?q= part.

💡When building regex patterns programmatically, escape user input with the RegExp mode to prevent regex injection.

Frequently Asked Questions

What does HTML escaping do?

It converts characters like <, >, & to HTML entities (<, >, &) so they display as text rather than being interpreted as HTML markup.

Why do I need to escape URLs?

URL query strings use reserved characters (&, =, ?, spaces) as delimiters. Values containing these characters must be percent-encoded (%26, %3D, %20) to avoid breaking the URL structure.

What is Unicode escaping?

Unicode escaping converts characters to their \uXXXX JavaScript escape sequences. Useful for safely including non-ASCII characters in JavaScript source files.

Is my text sent to a server?

No — all processing runs entirely in your browser. Nothing is transmitted anywhere.

Ready to escape?

Open the String Escape tool and convert any text for any context — instantly, no login required.

Open String Escape →