We use cookies and similar technologies to enhance your browsing experience, analyze site traffic, and personalize content and ads. By clicking "Accept", you consent to our use of cookies. Learn more in our Privacy Policy.
URL Encoder & Decoder converts text to and from percent-encoded form, the escaping scheme URLs use to carry characters that would otherwise be ambiguous or illegal in a web address. Paste a value to encode it for safe use in a query string or path, or paste an already-encoded string to read it back as plain text. The tool handles full Unicode correctly, so accented letters, emoji, and non-Latin scripts round-trip without corruption.
It runs entirely in your browser. Nothing you type is sent to a server, which matters when you are debugging a URL that contains a token, an API key, a session ID, or any other value you would rather not paste into a remote service. There is no account, no upload, and no limit on how many times you run it.
Percent-encoding replaces unsafe bytes with a % followed by two hexadecimal digits. The space character becomes %20, and a multi-byte UTF-8 character is encoded one byte at a time, so é (UTF-8 bytes C3 A9) becomes %C3%A9.
The tool offers two encoding modes that mirror the two standard JavaScript functions:
&, =, ?, /, #, and +. Use this for a single value you are dropping into a query parameter or path segment.:, /, ?, #, &, =) so an entire address stays usable. Use this only when you are encoding a complete URL, not an individual field.Decoding is symmetric in both directions: it reads each %XX sequence, reassembles the UTF-8 bytes, and gives you back the original text.
Say you are building a search link and the query is name=John & Jane?. Dropping that raw into a URL breaks it, because &, =, and ? already mean something to the parser.
Encode the value in component mode:
John & Jane? -> John%20%26%20Jane%3F
Now it is safe to assemble:
https://example.com/search?q=John%20%26%20Jane%3F
The server reads the q parameter back as the literal string John & Jane? instead of seeing a stray & that splits it into bogus extra parameters. Decoding John%20%26%20Jane%3F returns the original text exactly. The key idea: encode each value before you concatenate it into the URL, not the URL as a whole.
#, or + that would otherwise be misread.redirect_uri, state, and scope are commonly percent-encoded.Spaces are not always %20. In the query string of an HTML form submission, a space is historically encoded as +, and the + is only literal when itself written as %2B. If you decode form data and see + where you expected spaces, that is why. Standard percent-encoding (this tool's default) uses %20.
Double-encoding is the classic bug. If you encode a value that was already encoded, %20 becomes %2520 (the % itself gets escaped to %25). When a link shows %2520, decode it twice to recover the original. Only encode each value once, at the point you insert it.
Picking the wrong mode corrupts URLs. Running a full URL through component mode escapes its /, :, and ?, producing a string that is no longer a usable address. Encode whole URLs in full-URL mode and individual fields in component mode.
The URL standard splits characters into two groups. Unreserved characters are always safe and are never encoded: the letters A-Z and a-z, the digits 0-9, and the four marks -, _, ., and ~. Everything else outside this set is either reserved or must be escaped.
Reserved characters have a structural meaning in a URL — : separates the scheme, / separates path segments, ? starts the query, # starts the fragment, and & and = delimit query parameters. They are safe only when used for that purpose. The moment one of those characters needs to appear as data inside a value, it must be percent-encoded so the parser does not treat it as structure.
This distinction is exactly why component mode and full-URL mode exist: component mode treats reserved characters as data and escapes them, while full-URL mode preserves them as structure.
encodeURI is for a complete URL and leaves structural characters like : / ? # & = intact. encodeURIComponent is for a single value and escapes those characters too, so they are treated as data. In this tool they map to full-URL mode and component mode.
Standard percent-encoding uses %20 for a space. The + convention comes from the older application/x-www-form-urlencoded format used by HTML form submissions, where + means space and a literal plus is written as %2B.
It is a double-encoded space. The original space became %20, then that string was encoded again, turning the % into %25 and producing %2520. Decode the value twice to get the original text back.
Yes. Text is encoded as UTF-8, one byte per %XX sequence, so emoji, accented letters, and scripts like Cyrillic, Arabic, and CJK round-trip correctly without corruption.
No. Encoding and decoding run entirely in your browser. Nothing is uploaded, which is why it is safe to paste URLs containing tokens, keys, or session IDs.
The unreserved set: letters A-Z and a-z, digits 0-9, and the four marks - _ . and ~. Everything else may be escaped depending on the mode you choose.
You likely encoded a whole URL in component mode, which escapes its : / and ? characters. Encode complete URLs in full-URL mode and encode individual field values in component mode.
Encode that URL in component mode before adding it as the parameter value. For example a redirect_uri should be component-encoded so its own : / ? do not interfere with the outer URL's structure.