Related Tools
How to Use
- 1Enter text or a URL component in the input area.
- 2Click Encode to convert special characters to percent-encoded format.
- 3Click Decode to convert percent-encoded strings back to readable text.
- 4Use Swap or 'Output as Input' for iterative encode/decode operations.
- 5Copy the result with one click.
About URL Encoder/Decoder
The URL Encoder/Decoder converts between plain text and URL-encoded (percent-encoded) format, the standard encoding scheme defined in RFC 3986 for including special characters safely in URLs. Characters like spaces, ampersands, question marks, and non-ASCII characters (accented letters, emoji, CJK characters) are replaced with %XX sequences — where XX is the hexadecimal representation of the character's UTF-8 byte value. For example, a space becomes %20, an ampersand becomes %26, and the emoji character becomes a sequence of twelve percent-encoded bytes representing its four UTF-8 octets.
URL encoding exists because URLs can only contain a limited set of characters from the ASCII character set, as specified in RFC 3986 (Uniform Resource Identifier: Generic Syntax). Characters that have special meaning in URL syntax — like & (parameter separator), = (key-value delimiter), ? (query string start), # (fragment identifier), and / (path separator) — must be encoded when they appear as data rather than as structural elements. Without encoding, a search query containing '&' would be misinterpreted as a parameter separator, breaking the URL and potentially causing security issues like parameter injection.
The tool uses JavaScript's encodeURIComponent() function for encoding, which converts everything except unreserved characters (A-Z, a-z, 0-9, -, _, ., ~) to percent-encoded sequences. For decoding, it uses decodeURIComponent() with additional handling for + signs (which represent spaces in the application/x-www-form-urlencoded format used by HTML forms, as defined in the WHATWG URL Standard). This dual support covers both RFC 3986 percent-encoding and HTML form encoding, which is essential because many web servers and frameworks use the + convention for spaces in query strings rather than %20.
Developers use this tool daily for building and debugging URLs: constructing query strings with user-generated values, debugging encoded parameters in server logs and analytics URLs, preparing data for API requests (especially REST APIs that accept query parameters), encoding redirect URLs for OAuth 2.0 authorization flows, encoding callback URLs for webhook registrations, and decoding percent-encoded values copied from browser address bars, HTTP traffic inspectors like Chrome DevTools, Fiddler, or Charles Proxy. It is also commonly used to debug tracking URLs from marketing platforms like Google Analytics UTM parameters and Facebook ad links.
A common point of confusion is the difference between encodeURI() and encodeURIComponent(), both documented on MDN Web Docs. encodeURI() is designed for encoding complete URLs — it does not encode characters like /, ?, &, and = that have structural meaning in URLs. encodeURIComponent() is designed for encoding individual values that will be inserted into a URL — it encodes everything except unreserved characters. This tool uses encodeURIComponent(), which is the correct choice for encoding query parameter values, form data, and any user input that will be embedded in a URL. Using encodeURI() on a parameter value would leave dangerous characters unencoded, leading to broken or ambiguous URLs.
All encoding and decoding runs locally in your browser using native JavaScript functions. No data is transmitted to any server, making it safe for encoding API keys, authentication tokens, OAuth secrets, session parameters, webhook signing keys, and any sensitive values that appear in URLs. The tool works entirely offline after the initial page load, so you can use it on restricted networks or air-gapped development environments without any connectivity requirements.
Frequently Asked Questions
What is URL encoding (percent-encoding)?
URL encoding (formally called percent-encoding, defined in RFC 3986) replaces characters that are not allowed or have special meaning in URLs with a % sign followed by two hexadecimal digits representing the character's byte value. For example, spaces become %20, & becomes %26, and the euro sign (€) becomes %E2%82%AC (its three UTF-8 bytes, each percent-encoded).
Which JavaScript function is used?
encodeURIComponent() for encoding, which converts everything except A-Z, a-z, 0-9, and the characters - _ . ~. This is the correct function for encoding individual URL components like query parameter values. encodeURI() (which preserves URL-structural characters) is not used here because it would leave characters like & and = unencoded, which is wrong for encoding parameter values.
Does the decoder handle + as a space?
Yes. The decoder normalizes + signs to spaces before decoding, supporting the application/x-www-form-urlencoded format used by HTML forms and many server frameworks. In this format, spaces are encoded as + rather than %20. Both representations decode to a space character.
When should I URL-encode values?
Always encode user-generated or dynamic values before inserting them into URLs, query strings, form data, or API parameters. This prevents broken URLs (a value containing & would split your query string), injection vulnerabilities, and encoding errors with non-ASCII characters. Most HTTP client libraries handle this automatically, but when constructing URLs manually or debugging, this tool helps you verify the encoding.
Is my data sent to any server?
No. All encoding and decoding happens locally in your browser using JavaScript's native encodeURIComponent() and decodeURIComponent() functions. Your text never leaves your device, making it safe for encoding API keys, tokens, passwords, and other sensitive values.
What is the difference between encodeURI and encodeURIComponent?
encodeURI() encodes a complete URL and preserves characters that have structural meaning (/, ?, #, &, =). encodeURIComponent() encodes an individual value that will be embedded in a URL and encodes everything except unreserved characters. Use encodeURIComponent() for query parameter values and form data. Use encodeURI() only when encoding a full URL where you want to preserve its structure.
Why are non-ASCII characters encoded as multiple %XX sequences?
Non-ASCII characters (like é, ñ, 中, or emoji) are first converted to their UTF-8 byte sequence, then each byte is individually percent-encoded. The letter é, for example, is two bytes in UTF-8 (0xC3 0xA9), so it becomes %C3%A9. A Chinese character might be three bytes, and an emoji four bytes. This is why percent-encoded URLs can look much longer than the original text.
Can I decode a full URL with multiple parameters?
Yes. Paste the entire URL into the decoder and it will convert all percent-encoded sequences back to readable characters. This is useful for reading analytics URLs, tracking links, and API request URLs that contain encoded parameter values.