Escape JSON String: Special Characters, Backslashes, and Unicode

Q: Which characters must be escaped in JSON strings?

RFC 8259 requires these characters to be escaped inside JSON string values: the double quote (\") because it terminates the string, the backslash (\\) because it introduces escape sequences, and all control characters from U+0000 to U+001F. The named escapes for common control characters are: \n for newline (U+000A), \r for carriage return (U+000D), \t for tab (U+0009), \b for backspace (U+0008), and \f for form feed (U+000C). Any other control character must use the \uXXXX form with a four-digit hex code. Forward slash (/) may optionally be escaped as \/ but does not have to be. Unicode characters above U+001F do not need escaping.

Q: How do I escape a backslash in JSON?

A literal backslash in a JSON string must be written as two backslashes: \\. This is the most common escaping mistake for Windows file paths. The path C:\Users\Alice must be written in JSON as "C:\\Users\\Alice". When you use JSON.stringify in JavaScript, it handles this automatically — JSON.stringify("C:\\Users\\Alice") produces the correctly escaped JSON string. The confusion arises because JavaScript string literals also use backslash as an escape character, so a JavaScript string containing one backslash is written as "\\", which JSON.stringify then escapes to produce \\\\ in the raw JSON text.

Q: What is the difference between \n in JSON and a real newline?

In JSON, \n inside a string is the two-character escape sequence representing a newline character (U+000A). A real (literal) newline character — an actual line break in the middle of a JSON string value — is not valid JSON. The JSON parser reads \n and produces a single newline character in the parsed result. If you embed a literal newline in a JSON string, most parsers throw a SyntaxError because the specification requires control characters to be escaped. When generating JSON with JSON.stringify, all real newlines in string values are automatically converted to \n escape sequences, so the output is always valid.

Q: How do I escape a JSON string in JavaScript?

The standard way to escape a string for use in JSON in JavaScript is JSON.stringify(yourString). It wraps the string in double quotes and escapes all characters that JSON requires to be escaped: backslashes, double quotes, and control characters. For example: JSON.stringify('She said "hello"\nGoodbye') produces "\"She said \\\"hello\\\"\\nGoodbye\"". Never escape JSON strings manually with string concatenation or regex — JSON.stringify handles all edge cases correctly. If you only need the escaped content without the surrounding double quotes, use JSON.stringify(str).slice(1, -1).

Q: What characters are illegal in JSON strings without escaping?

The following characters are illegal in JSON strings unless escaped: the double quote character (must be \"), the backslash character (must be \\), and all control characters in the Unicode range U+0000 to U+001F. This includes characters you might not expect: the null byte (U+0000), the delete character (U+007F is not a control character and does not need escaping), bell (U+0007), and escape character (U+001B). Importantly, a literal tab, newline, or carriage return inside a JSON string value is also illegal — they must be written as \t, \n, or \r respectively.

Q: How do I unescape a JSON string?

To unescape a JSON-escaped string, use JSON.parse with the string wrapped in double quotes: JSON.parse('"' + escapedString + '"') converts all escape sequences like \n, \t, and \\ back to their literal characters. Make sure the escaped string itself does not already include surrounding double quotes from serialization. For a full JSON document, call JSON.parse(jsonText) directly on the entire document — it unescapes all string values as part of normal parsing. If you only have a fragment (a JSON string value without the surrounding object), wrap it in quotes first. Never unescape manually with string replacement — JSON.parse handles all Unicode escapes and surrogate pairs correctly.

Last updated: May 11, 2026

JSON strings must escape 8 characters per RFC 8259: \" (double quote), \\ (backslash), \b (backspace), \f (form feed), \n (newline), \r (carriage return), \t (tab), and \/ (forward slash — optional). All 32 control characters U+0000–U+001F must be escaped, typically as \uXXXX 4-hex-digit sequences. The safest approach is JSON.stringify(value) in JavaScript or json.dumps(value) in Python — both handle all 8 required sequences plus Unicode automatically. This guide covers each escape sequence with examples, the ensure_ascii=True option for pure-ASCII output, how to unescape a JSON string with JSON.parse('"' + s + '"'), and the 4 most common parse errors caused by bad escaping.

Characters that must be escaped

The JSON specification (RFC 8259) requires these characters to be escaped inside a string value:

Character	Escape sequence	Notes
Double quote `"`	`\"`	Required — terminates the string otherwise
Backslash `\`	`\\`	Required — introduces escape sequences
Newline	`\n`	U+000A
Carriage return	`\r`	U+000D
Tab	`\t`	U+0009
Backspace	`\b`	U+0008
Form feed	`\f`	U+000C
Any control char	`\uXXXX`	U+0000–U+001F

Forward slash / may be escaped as \/ but does not have to be. Unicode characters above U+001F do not need escaping but can be written as \uXXXX if ASCII-only output is required.

Common escaping mistakes

Unescaped backslash in Windows file paths

// ❌ Invalid
{"path": "C:UsersAliceDocuments"}

// ✅ Valid
{"path": "C:\Users\Alice\Documents"}

Unescaped double quote inside a string

// ❌ Invalid
{"message": "She said "hello" to me"}

// ✅ Valid
{"message": "She said \"hello\" to me"}

Literal newline instead of \n

// ❌ Invalid — actual line break inside the string
{"text": "line one
line two"}

// ✅ Valid
{"text": "line one\nline two"}

Let JSON.stringify handle escaping

In JavaScript, JSON.stringify() escapes all required characters automatically. Never build JSON strings by hand.

const path = 'C:\Users\Alice'
const message = 'She said "hello"'
const multiline = 'line one\nline two'

// JSON.stringify escapes everything correctly
const json = JSON.stringify({ path, message, multiline })
console.log(json)
// {"path":"C:\\Users\\Alice","message":"She said \"hello\"","multiline":"line one\\nline two"}

See the JSON.stringify tutorial for replacers, spacing, and safe circular reference handling.

Escaping for use inside HTML attributes

When embedding JSON in an HTML attribute or a <script> tag, double-escaping issues can arise. The safest pattern is to serialize server-side and inject into a <script type="application/json"> block rather than an attribute value.

<!-- Preferred: script tag injection -->
<script type="application/json" id="app-config">
  {"theme":"dark","locale":"en"}
</script>

<script>
  const config = JSON.parse(document.getElementById('app-config').textContent)
</script>

Unicode escape sequences

Any Unicode code point can be written as \uXXXX where XXXX is the four-digit hex value. Characters outside the Basic Multilingual Plane (above U+FFFF) require a surrogate pair.

// Unicode escape for a copyright symbol
{"notice": "\u00A9 2024 Acme Corp"}

// Emoji using surrogate pair (U+1F600)
{"emoji": "\uD83D\uDE00"}

In practice, modern JSON parsers handle UTF-8 directly and surrogate pairs are rarely needed unless you need pure ASCII output.

Validate your escaped JSON

Paste the JSON into Jsonic's Formatter to confirm the escaping is correct and the string values parse as expected.

Open JSON Formatter

Frequently asked questions

Which characters must be escaped in JSON strings?

The double quote (\"), backslash (\\), and all control characters from U+0000 to U+001F. Named escapes include \n, \r,\t, \b, and \f.

How do I escape a backslash in JSON?

Write \\ for a single backslash. Windows paths must double every backslash:C:\\Users\\Alice becomes "C:\\\\Users\\\\Alice" in JSON.JSON.stringify does this automatically.

What is the difference between \n in JSON and a real newline?

\n is the two-character escape sequence for a newline. A literal line break inside a JSON string value is illegal — parsers throw a SyntaxError. Always use the escape sequence.

How do I escape a JSON string in JavaScript?

Call JSON.stringify(yourString). It wraps the string in double quotes and escapes all required characters. To get the escaped content without surrounding quotes, use JSON.stringify(str).slice(1, -1).

What characters are illegal in JSON strings without escaping?

Double quote, backslash, and all control characters U+0000–U+001F — including literal tabs, newlines, and carriage returns. These must use their escape sequences (\t, \n, \r).

How do I unescape a JSON string?

Wrap the escaped string in double quotes and call JSON.parse:JSON.parse('"' + escaped + '"'). For a complete JSON document, callJSON.parse directly — it unescapes all string values during normal parsing.