URL Encoder / Decoder
Encode special characters in URLs using percent-encoding, or decode percent-encoded URLs back to readable text.
Percent-encoding for safe URLs and query strings
RFC 3986 reserves characters like ?, #, &, and space—encode them before concatenating user input into static maps or deep links. Decode reverses %XX triplets and handles UTF-8.
Double-encoding bugs appear when middleware re-encodes already-safe strings—compare against framework helpers.
Related tools
These free tools pair well with this page — open them in a new tab to finish your workflow.
Frequently Asked Questions
What is URL encoding?
URL encoding (percent-encoding) converts characters that are not allowed in URLs into a safe format. For example, spaces become %20 and & becomes %26.
When do I need to URL encode text?
You need to encode text when embedding it in a URL query string, especially if it contains special characters like spaces, &, =, +, or non-ASCII characters.
What is the difference between encodeURI and encodeURIComponent?
encodeURI encodes a full URL, leaving characters like /, ?, & intact. encodeURIComponent encodes a URL component (like a query value), converting those characters too. Use encodeURIComponent for individual parameter values.
Should I encode the entire URL or just parts?
Encode individual query parameter values, not the entire URL. Encoding the full URL would break its structure by encoding slashes and colons.
What characters do not need encoding?
Unreserved characters — letters (A–Z, a–z), digits (0–9), and -._~ — do not need encoding and are passed through as-is.
Is decoding safe for all encoded strings?
Decoding is generally safe, but be cautious about decoding untrusted input and then using it in a URL or database query, as it could introduce injection vulnerabilities.