ToolBook
Support us on Ko-fi
Help us keep this free, forever

URL Encoder / Decoder

Bug

How to use the URL Encoder and Decoder

Percent-encode unsafe characters in a URL or decode percent-encoded sequences back to plain text.

  1. Paste your URL or text

    Paste the URL or plain text you want to process into the input box.

  2. Choose Encode or Decode

    Select Encode to convert special characters to %XX sequences. Select Decode to reverse the process. Auto detects which operation is appropriate based on whether %XX sequences are present.

  3. Choose the scope

    Full URL preserves structural characters like slashes and query delimiters. Component encodes everything except the safe character set. Use Component mode for individual query parameter values.

  4. Copy the result

    Click Copy to send the encoded or decoded output directly to your clipboard.

  5. Check the character reference

    Scroll to the quick reference panel to look up the percent-encoded form of the most common special characters at a glance.

Frequently asked questions

What is URL encoding?

URL encoding (percent-encoding) converts characters that are not allowed or have special meaning in a URL into a % followed by two hexadecimal digits. For example, a space becomes %20, and & becomes %26.

When should I encode a full URL versus a URL component?

Use "Full URL" mode when you have a complete URL and want to encode only the unsafe characters while keeping the protocol, slashes, and query delimiters intact. Use "Component" mode when encoding a single value that will be inserted into a URL: this encodes all reserved characters including /, ?, and &.

What is the difference between encodeURI and encodeURIComponent?

encodeURI is designed for full URLs. It leaves characters like /, ?, #, and & alone. encodeURIComponent is designed for individual values. It encodes everything except letters, digits, and - _ . ~ making the output safe to embed as a query string value.

Why does %20 appear instead of + for spaces?

Both %20 and + represent a space in URL encoding, but in different contexts. %20 is RFC 3986 standard and works everywhere. + as a space is a legacy HTML form convention that only works in query strings, not in path segments.

Can I use this tool to decode a broken URL?

Yes. Paste any URL containing %XX sequences and switch to Decode mode. The tool will try to decode each sequence individually, so even partially-encoded URLs decode as much as possible.

What characters are unsafe in a URL?

The unreserved characters are safe anywhere in a URL: letters (A-Z, a-z), digits (0-9), hyphen, underscore, period, and tilde. Everything else, including spaces, ampersands, equals signs, hash symbols, slashes, and non-ASCII Unicode, must be percent-encoded. Reserved characters like /, ?, &, and = have structural meaning in URLs and should only be encoded when used as literal values inside a component, not as delimiters.

How do I URL encode a string in JavaScript?

Use encodeURIComponent(string) for individual values such as query parameter values, path segments, or form fields embedded in a URL. Use encodeURI(url) when you have a complete URL and want to leave its structural characters intact. Avoid the deprecated escape() function, which does not handle Unicode characters correctly.

Does this tool support international and Unicode characters?

Yes. All encoding uses UTF-8, the standard recommended by the W3C and used by modern browsers by default. Each character is converted to its UTF-8 byte sequence, then each byte is percent-encoded. For example, the letter ñ (U+00F1) becomes %C3%B1. Non-ASCII hostnames use Punycode encoding and are handled separately by the browser.

Is there a difference between URL encoding and HTML entity encoding?

Yes, they are different systems for different contexts. URL encoding (percent-encoding) replaces characters with %XX sequences so they transmit safely in URLs. HTML entity encoding replaces characters like < with &lt; so they display safely in HTML markup. Use each system in its correct context. Applying URL encoding to HTML or vice versa will produce incorrect output.

URL encoding: percent signs, spaces, and the two modes every developer needs

What RFC 3986 says, when to use encodeURI vs encodeURIComponent, and the + vs %20 space debate.

What percent-encoding is and why URLs need it

A URL is a string of ASCII characters, but the characters allowed in different parts of a URL are tightly restricted by RFC 3986. Characters outside the safe set (including spaces, non-ASCII Unicode, and reserved delimiters) must be percent-encoded: replaced by a % followed by the character's hexadecimal byte value.

A space becomes %20. An ampersand becomes %26. The Thai letter ก (U+0E01) becomes %E0%B8%81 (its UTF-8 encoding in hex).

Two contexts: full URL vs component

This is the detail most developers get wrong.

Full URL encoding (like encodeURI in JavaScript) should leave structural characters intact: :, /, ?, #, &, =, and @ are all legal in a URL and must not be encoded in their structural positions. Encoding a slash in a path would corrupt the path.

Component encoding (like encodeURIComponent in JavaScript) encodes everything except the unreserved character set: A–Z a–z 0–9 - _ . ~. Use this when encoding a single value that will be inserted into a URL, such as a search query or a parameter value.

Common mistake:

// Wrong — encodes the slashes and colon too
const url = encodeURIComponent('https://example.com/search?q=hello world');

// Correct — encode only the parameter value
const url = `https://example.com/search?q=${encodeURIComponent('hello world')}`;

%20 vs + for spaces

Both %20 and + represent a space, but in different contexts:

  • %20 is the RFC 3986 standard and works everywhere: in path segments, query strings, and fragments.
  • + as a space is a legacy convention from HTML form encoding (application/x-www-form-urlencoded). It only means a space inside query strings. In a path segment, + is a literal plus sign.

Modern codebases should use %20 unless they are specifically handling HTML form data. Many frameworks decode + as a space in query strings by default, which can cause subtle bugs when your data contains a literal +.

When decoding goes wrong

decodeURIComponent throws a URIError if the input contains a % that is not followed by two valid hex digits. This is common when processing user-supplied input that contains a literal % which was not itself percent-encoded. The solution is to always percent-encode the source before embedding it.

Partial decoding (decoding only the sequences that are valid) is a safer approach when you cannot control the input format.

Unicode in URLs

Modern browsers and most HTTP libraries encode non-ASCII characters as their UTF-8 byte sequences in percent-encoded form. ñ (U+00F1) → %C3%B1 (the two UTF-8 bytes 0xC3 and 0xB1). The Internationalized Domain Names (IDN) standard handles non-ASCII hostnames separately via Punycode encoding.

If you are building an API that receives URLs, always decode on the server side and re-encode consistently before storing. Stored URLs should always be in normalised percent-encoded form.

Related tools

Developer

HTML Entity Encoder / Decoder

Encode, decode, and escape HTML entities. Named, numeric, and hex.

Developer

Base64 Encoder / Decoder

Encode, decode, download. Runs in your browser.

Developer

JSON Formatter

Paste JSON. Format, validate, and minify in seconds.