If you've ever hit Unexpected token in JSON at position 42 or Unterminated string, there's a good chance an unescaped character broke your payload. JSON is strict about what's allowed inside a string, and the fix is almost always escaping. Here's the practical version.
What does escaping a JSON string mean?
A JSON string is wrapped in double quotes. Any character that would confuse the parser must be replaced with a backslash escape sequence. Escaping doesn't change the meaning of your text — it just makes the string valid JSON so parsers can read it. Unescaping is the reverse: turning those sequences back into readable characters (handy when you copy a value out of logs or an API response).
The characters you must escape
JSON defines exactly seven characters that must be escaped inside a string:
| Character | Escaped as |
|---|---|
Double quote "
|
\" |
Backslash \
|
\\ |
| Newline | \n |
| Carriage return | \r |
| Tab | \t |
| Backspace | \b |
| Form feed | \f |
The forward slash / may optionally be escaped as \/, but it isn't required. Unicode can be written as \uXXXX (four hex digits).
JSON escape examples
Double quotes — He said "hello" becomes:
"He said \"hello\""
Backslashes (Windows paths) — C:\temp\file.txt becomes:
"C:\\temp\\file.txt"
Newlines and tabs — a two-line, tabbed string becomes:
"Line 1\nLine 2\tTabbed"
How to escape and unescape JSON in code
In production you rarely escape by hand — every language has it built in.
JavaScript
const escaped = JSON.stringify(text); // escape
const back = JSON.parse(escaped); // unescape
Python
import json
escaped = json.dumps(text) # escape
back = json.loads(escaped) # unescape
Java (Jackson)
ObjectMapper mapper = new ObjectMapper();
String escaped = mapper.writeValueAsString(text);
String back = mapper.readValue(escaped, String.class);
C# (.NET)
using System.Text.Json;
string escaped = JsonSerializer.Serialize(text);
string back = JsonSerializer.Deserialize<string>(escaped);
Common escaping mistakes (and fixes)
-
Double escaping (
\\neverywhere): the string was escaped twice as it passed through systems or loggers. Unescape once to normalize, then escape again only if needed. -
Invalid escape sequences: JSON only allows
\" \\ \/ \b \f \n \r \t \uXXXX. Something like\x41is not valid JSON. -
Raw newline inside a string: the #1 cause of
Unexpected token— a literal line break in a string must be\n.
When you just need it done quickly
For ad-hoc work — reading an escaped value from logs, or escaping a blob of text to drop into a payload — a browser tool is faster than writing a script. I maintain a free, no-signup one that runs 100% client-side (nothing is uploaded): JSON Escape / Unescape. It handles quotes, backslashes, tabs, newlines and \uXXXX Unicode, and the Unescape button reverses it. If the result still won't parse, run it through the JSON validator to find the exact line.
TL;DR
Escape the seven special characters, never hand-roll it in production code (use your language's serializer), and if you're debugging a broken payload, escape/unescape the value and validate before sending. That eliminates the vast majority of "Unexpected token" errors.
Originally published on jsonviewertool.com.
Top comments (0)