Article Categories
- All Categories
-
Data Structure
-
Networking
-
RDBMS
-
Operating System
-
Java
-
MS Excel
-
iOS
-
HTML
-
CSS
-
Android
-
Python
-
C Programming
-
C++
-
C#
-
MongoDB
-
MySQL
-
Javascript
-
PHP
-
Economics & Finance
What is difference between unescape() and escape() functions in JavaScript?
JavaScript provides two legacy functions for dealing with encoded strings: escape() and unescape(). The escape() function encodes a string, making certain characters safe for URLs, while unescape() decodes an encoded string back to its original form.
escape() and unescape() are deprecated. Use encodeURIComponent()/decodeURIComponent() or encodeURI()/decodeURI() instead.
Syntax
escape(string) unescape(encodedString)
Key Differences
| Function | Purpose | What it does |
|---|---|---|
escape() |
Encodes special characters | Converts characters like spaces, punctuation to %XX format |
unescape() |
Decodes encoded characters | Converts %XX sequences back to original characters |
Example: Basic Usage
<html>
<body>
<script>
// Original string with special characters
var originalString = "Hello world! @#$%";
// Encode the string
var encodedString = escape(originalString);
// Decode it back
var decodedString = unescape(encodedString);
// Display results
document.getElementById("result1").innerHTML = "Original: " + originalString;
document.getElementById("result2").innerHTML = "Encoded: " + encodedString;
document.getElementById("result3").innerHTML = "Decoded: " + decodedString;
</script>
</body>
</html>
Characters That Get Encoded
The escape() function encodes characters that are not alphanumeric or one of: * + - . / @ _
<html>
<body>
<script>
var testStrings = [
"Hello World!",
"user@domain.com",
"price: $50",
"100% complete"
];
var output = "";
testStrings.forEach(function(str) {
output += "'" + str + "' ? '" + escape(str) + "'<br>";
});
document.getElementById("demo").innerHTML = output;
</script>
</body>
</html>
Modern Alternatives (Recommended)
Instead of deprecated escape() and unescape(), use these modern functions:
<html>
<body>
<script>
var testString = "Hello World! 100%";
var results =
"<strong>Legacy (Deprecated):</strong><br>" +
"escape(): " + escape(testString) + "<br>" +
"unescape(): " + unescape(escape(testString)) + "<br><br>" +
"<strong>Modern (Recommended):</strong><br>" +
"encodeURIComponent(): " + encodeURIComponent(testString) + "<br>" +
"decodeURIComponent(): " + decodeURIComponent(encodeURIComponent(testString));
document.getElementById("comparison").innerHTML = results;
</script>
</body>
</html>
Why They're Deprecated
Limited character support: Only handles ASCII characters properly
Security concerns: Can lead to vulnerabilities when handling untrusted input
Browser inconsistencies: Not supported in all modern browsers
Better alternatives exist: URI encoding functions are more reliable and standards-compliant
Conclusion
While escape() and unescape() were once used for URL encoding, they're now deprecated. Use encodeURIComponent()/decodeURIComponent() for encoding URL parameters or encodeURI()/decodeURI() for full URLs instead.
3K+ Views
