Skip to main content
Book Consultation →
Home Tools URL Encoder / Decoder
🔐 Encoding & Security ✅ 100% Free ⚡ Instant

URL Encoder / Decoder

Percent-encode special characters to make URLs safe for transmission, or decode percent-encoded strings back to readable text. Choose between encodeURIComponent (component) or encodeURI (full URL) encoding modes.

Mode:
Plain Text / URL 0 chars
Encoded Output 0 chars
Enter text or a URL to begin.
📊 Stats
0
Input chars
0
Output chars
0
Encoded chars
0
Safe chars
⚡ Percent-Encoded Characters
space%20
#%23
%%25
&%26
=%3D
?%3F
+%2B
/%2F
@%40
💡 Component vs Full URL
Component mode — encodes all special chars including / ? & = #. Use for query string values.
Full URL mode — preserves URL structure chars. Use for encoding a complete URL.
🔗 Related Tools
🔐
Base64 Encoder
Encoding & Security
🌐
HTML Encoder / Decoder
Encoding & Security
🔗
URL Parser
Developer Utilities
🔑
JWT Decoder
Encoding & Security

What is URL Encoding?

URL encoding (also called percent-encoding) converts characters that are not allowed in a URL into a safe format by replacing them with a % sign followed by two hexadecimal digits representing the character's UTF-8 byte value. For example, a space becomes %20, and & becomes %26.

URLs can only contain a limited set of characters from the ASCII character set. Any other characters — including spaces, Unicode characters, and special symbols — must be percent-encoded before being included in a URL.

Component vs Full URL Encoding

JavaScript provides two encoding functions that behave differently:

  • encodeURIComponent() — encodes every character except A-Z a-z 0-9 - _ . ! ~ * ' ( ). Use this for query parameter values, form data, and any part of a URL that could contain special characters.
  • encodeURI() — encodes everything except the characters legal in a URI, preserving the structural characters / ? & = # @ : ;. Use this when encoding a complete URL that already has its structure in place.

Frequently Asked Questions

Both represent spaces in URLs, but in different contexts. %20 is the standard percent-encoding for a space and works everywhere. The + sign is only valid as a space in the application/x-www-form-urlencoded format used by HTML form submissions — it should not be used in path segments or general URIs.
Use Component mode when encoding individual query parameter values (e.g. search terms, user input that goes into a URL). Use Full URL mode when you have a complete URL and only want to encode characters that are truly unsafe (like spaces or Unicode), while preserving /, ?, &, = and other structural characters.
Yes. Unicode characters are first converted to their UTF-8 byte representation, and each byte is then percent-encoded. For example, the emoji 🚀 is encoded as %F0%9F%9A%80. Modern browsers typically display the decoded characters in the address bar for readability, but the underlying URL uses the percent-encoded form.
Decoding itself is safe, but the decoded output should always be treated as untrusted input. Never decode a URL and then directly insert the result into HTML, SQL, or a shell command without proper escaping — doing so could introduce XSS, SQL injection, or command injection vulnerabilities. Always sanitise and contextually escape decoded values before use.
Copied!