What is URL Encoder / Decoder?
A URL Encoder / Decoder computes url encoder / decoder from the inputs you provide. It applies the standard formula to the values you enter and returns the result instantly, without sending any data to a server. Encode special characters for URLs (encodeURIComponent) or decode %-encoded strings.
URL Encoder / Decoder
Encode or decode URL components - spaces become %20, & becomes %26. Auto-detect direction.
TLDR
Paste a string. If it contains %xx sequences, the tool decodes; otherwise it encodes via encodeURIComponent. Useful for query strings, OAuth redirects, and form data.
About URL encoding
URL encoding, also called percent-encoding, is the way unsafe or reserved characters are represented inside a web address. A URL is only allowed to contain a limited set of characters; anything outside that set, such as a space, an ampersand, or an accented letter, must be replaced with a percent sign followed by the two-digit hexadecimal value of its byte. So a space becomes %20 and an ampersand becomes %26. This tool encodes text into that safe form and decodes percent-encoded text back to readable characters, all in your browser.
The rules come from the URL standard (RFC 3986). Characters are split into three groups: unreserved characters (A-Z, a-z, 0-9, and the symbols - _ . ~) that are always safe and never encoded; reserved characters (such as / ? # [ ] @ ! $ & ' ( ) * + , ; =) that have special meaning in a URL and are encoded when used as data rather than as delimiters; and everything else, which is always encoded. Because the web runs on UTF-8, a non-ASCII character can expand into several percent-encoded bytes.
How it works
Encoding converts each unsafe character to its UTF-8 bytes and writes each byte as a percent sign plus two hex digits. Decoding finds each %XX sequence and turns it back into the original byte.
unsafe char -> UTF-8 byte(s) -> %HH for each byte space = %20 & = %26 ? = %3F / = %2F unreserved (A-Z a-z 0-9 - _ . ~) are left as-is UTF-8: an accented or emoji character spans several %HH bytes
- encodeURIComponent vs encodeURI: the component version encodes reserved characters like / and ?, which is what you want for a single query value; encodeURI leaves them for whole URLs.
- %20 versus +: in a path a space is %20, but in a form-submitted query string a space is often written as a plus sign.
- Always encode user input: any value placed into a query parameter should be encoded so its special characters do not break the URL.
Worked example
You want to put the search phrase fish & chips into a query parameter ?q=.
- The space becomes
%20. - The ampersand is reserved (it separates parameters), so it becomes
%26. - Encoded value:
fish%20%26%20chips. - Full URL:
https://example.com/search?q=fish%20%26%20chips. - Decode check: the server decodes it back to
fish & chipsas a single value.
Percent-encoding reference
| Character | Encoded | Role |
|---|---|---|
| space | %20 | always encoded |
| & | %26 | reserved (param separator) |
| ? | %3F | reserved (query start) |
| / | %2F | reserved (path separator) |
| A | A | unreserved (never encoded) |
Common pitfalls
- Double encoding. Encoding an already-encoded string turns %20 into %2520, which breaks the value; encode once only.
- Using encodeURI for a single value. It leaves & and ? unencoded, so a query value containing them gets split; use the component form for individual parameters.
- Assuming + always means space. A plus is a space only in form-encoded query strings; in a path %20 is required, and a literal plus must itself be encoded as %2B.
- Forgetting non-ASCII bytes. Accented letters and emoji expand into several %HH sequences under UTF-8; one visible character is not one byte.
- Treating encoding as security. Percent-encoding is reversible and public; it formats data for URLs but provides no protection.
Related tools
Frequently asked questions
What is URL encoding?
URL encoding, or percent-encoding, replaces characters that are unsafe or reserved in a web address with a percent sign followed by the two-digit hex value of their byte. A space becomes %20 and an ampersand becomes %26. It lets you safely place arbitrary text, including spaces and symbols, into a URL without breaking its structure.
Which characters need to be encoded?
The URL standard leaves unreserved characters (A-Z, a-z, 0-9, and - _ . ~) unencoded. Reserved characters that have special meaning, such as / ? # & = + and space, must be encoded when used as data rather than as delimiters. Any non-ASCII character is encoded as its UTF-8 bytes, each shown as %HH.
What is the difference between %20 and a plus sign?
Both can represent a space, but in different contexts. In a URL path a space must be %20. In a form-submitted query string a space is traditionally written as a plus sign. A literal plus that you mean as a character must itself be encoded as %2B so it is not read as a space.
What is the difference between encodeURI and encodeURIComponent?
encodeURIComponent encodes reserved characters like / ? & and =, which is what you want when inserting a single value into a query parameter. encodeURI leaves those delimiters intact because it is meant for encoding a whole URL. Using encodeURI on an individual value can let an & split your parameter unexpectedly.
Why did my value get mangled by double encoding?
If you encode a string that is already percent-encoded, the percent signs themselves get encoded: %20 becomes %2520. When decoded once it returns %20 instead of a space. Encode each value exactly once, and decode the same number of times, to avoid this common mistake.