URL Encoder / Decoder

Safely escape or unescape characters for uniform resource locators.

What this tool does

This tool encodes text to URL-encoded format and decodes URL-encoded strings.

Input formats: UTF-8 String / URL Encoded
Output formats: URL Encoded / UTF-8 String
Runs locally in your browser.

Fragile characters in URLs often break web server requests or lead to 'URI malformed' exceptions in your application code.

Example Broken Input: Searching for 'hello world!' results in a URL that needs to encode the space and exclamation mark safely.

Why it happens: Certain characters carry special meaning in a URL structure; failing to escape them correctly creates ambiguity and breaks redirects or analytics tracking.

Solution (Use Tool): The URL Encoder / Decoder workshop sanitizes strings using the `encodeURIComponent` standard. It handles multi-layered escapes entirely in your browser to maintain data privacy.

Advanced Notes: Use the decoder to audit complex redirect chains or to extract clean JSON payloads from encoded query parameters.

How to URL Encode or Decode Text

  1. Type or paste your raw text or URL into the input area.
  2. Select whether you want to Encode or Decode the string using the toggle switch.
  3. The converted output appears instantly.
  4. Click 'Copy' to copy the encoded or decoded string to your clipboard.

Examples

Input:
https://example.com/?search=hello world!
Output:
https%3A%2F%2Fexample.com%2F%3Fsearch%3Dhello%20world!
Input:
test%40email.com
Output:
test@email.com (Decoded)

Percent Encoding Explained: RFC 3986

RFC 3986 defines which characters are safe in URLs and how unsafe characters must be encoded. Unreserved characters, including letters, digits, hyphens, periods, underscores, and tildes, can appear as-is. Reserved characters like /, ?, #, &, and = have special meaning in URL structure and must be percent-encoded when used as data rather than delimiters.

Percent encoding converts each byte of a character's UTF-8 representation into a %XX hexadecimal pair. The space character becomes %20 in URL paths. However, in query strings, the application/x-www-form-urlencoded format encodes spaces as + signs, a legacy convention from HTML form submissions.

JavaScript provides two encoding functions with different scopes. encodeURI() encodes a complete URI but leaves reserved characters intact because they serve structural roles. encodeURIComponent() encodes everything except unreserved characters, making it safe for encoding individual query parameter values. Using encodeURI() on a query parameter value would leave characters like & and = unencoded, breaking the query string structure.

Understanding this distinction prevents a common class of bugs where URLs work for simple ASCII inputs but break when users enter special characters, non-Latin text, or values containing reserved URL characters.

Double Encoding: The Most Common URL Bug

Double encoding occurs when an already percent-encoded string passes through an encoding function a second time. The character %20 (a space) becomes %2520 because the percent sign itself gets encoded to %25. The server receives %2520, decodes it once to %20, and displays a literal %20 instead of a space.

This bug is insidious because it only manifests with special characters. URLs containing only ASCII letters and digits work fine regardless of how many times they are encoded. The problem appears when users enter spaces, accented characters, or symbols, making it intermittent and hard to reproduce.

Double encoding commonly happens in redirect chains. A login page encodes the return URL as a query parameter. The authentication service encodes the entire redirect URL again when passing it to another service. By the time the user arrives at their destination, the URL has been encoded twice and no longer matches any route.

To detect double encoding in logs, search for %25 followed by two hexadecimal digits. The string %2520 is almost always a double-encoded space. The fix is to ensure each component in your URL pipeline encodes exactly once: encode raw user input at the point of entry and pass the encoded result through without re-encoding.

Frequently Asked Questions

What mechanism does this tool use?

It uses standard native JavaScript functions: `encodeURIComponent` for encoding ensuring all special characters are safely escaped, and `decodeURIComponent` for reverting them.

Why do spaces become %20?

Spaces are invalid in web URLs. The standard hex value equivalent for a space character in ASCII is 20, so URL encoding escapes it to %20.

Is a network connection required?

No, you don't need to be online. Once the page is loaded, the conversion is handled completely by local JavaScript.

Does this tool run locally?

Yes, this tool runs entirely locally in your browser sandbox using JavaScript.

Is my data uploaded to a server?

No, your data is never uploaded to any server. All processing is strictly client-side.

Can I use this tool offline?

Yes, once the page is loaded, the tool can function completely offline without an internet connection.

Learn More (Knowledge Base)

NFC vs NFD: Unicode Normalization Explained

Understand NFC vs NFD, when to use each, and how Unicode normalization affects search, databases, APIs, slugs, and string comparison.

How to Normalize UTF-8 to NFC with utf8proc

Use utf8proc to normalize UTF-8 text to NFC in C projects, avoid mixed normalization forms, and handle practical storage and comparison issues.

How to Detect Hidden Unicode Characters in Text

Find and fix zero-width spaces, BOM characters, combining marks, and other hidden Unicode characters that break matching, counts, and formatting.

How to Create SEO-Friendly URL Slugs

Learn how to create readable, stable, hyphenated URL slugs for blogs, docs, products, and content systems without creating slug chaos.

URL Encoding, Base64, and Web-Safe Strings Explained

Understand percent encoding (RFC 3986), Base64 variants, data URIs, JWT structure, slug generation, and how to avoid double-encoding bugs in web applications.