URL Encoder & Decoder

Percent-encode or decode strings for safe use in URLs, query parameters, and path segments.

How to use

  1. Paste the string you want to encode (or decode) into the box above.
  2. Pick Component for a single query value or path segment, or Full URL for a whole URL that just has a few unsafe characters.
  3. Click Encode or Decode. The output replaces the input in place.
  4. Copy the result, or click Clear to start over.

What does it do?

URL / percent-encoding replaces characters that are unsafe or ambiguous in a URL with % followed by their UTF-8 byte value in hex. Component mode uses encodeURIComponent() and encodes every reserved character — correct for values you embed in a query string or path. Full URL mode uses encodeURI(), which preserves URL-structural characters like :/?#&=.

Example

Input:

hello world & café / 日本語

Encoded as Component:

hello%20world%20%26%20caf%C3%A9%20%2F%20%E6%97%A5%E6%9C%AC%E8%AA%9E

Encoded as Full URL:

hello%20world%20&%20caf%C3%A9%20/%20%E6%97%A5%E6%9C%AC%E8%AA%9E

Notice that Full URL left the & and / alone because they have structural meaning in a URL.

Common encoding pitfalls

  • Using encodeURI for query values. encodeURI("a&b=c") gives a&b=c (unchanged), which breaks the query string. Use encodeURIComponent for values.
  • Double-encoding. Encoding hello%20world a second time produces hello%2520world. Decode first or skip one layer.
  • Forgetting #. A # inside a query value is treated as the fragment start unless encoded as %23.
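  • Plus sign confusion. + means space in form-encoded bodies but is a literal + in a URL path or query under RFC 3986. Many server-side query parsers still apply the form rule and decode + as a space, so to send a real plus sign in a query value, encode it as %2B.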
  • Malformed percent sequence. A literal % that was never encoded causes decodeURIComponent to throw URI malformed. Either encode the % as %25 or strip lone percents before decoding.
  • UTF-8 vs Latin-1 legacy servers. This tool always uses UTF-8. Some very old systems expect Latin-1 / windows-1252 — é there is %E9, not %C3%A9. If you see mojibake, the other end is not UTF-8.
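
The first, third and fourth pitfalls above, seen from the receiving side. This is an added example, not this tool's own code: the function names and the example.test host are assumptions, and the receiver is modelled with the standard URL parser. With encodeURI, one user-supplied value turns into an extra parameter and a fragment.

```javascript
// Constructed sample value containing the delimiters the pitfalls list mentions.
const SAMPLE = "a&b=c #x+1";
const BASE = "https://example.test/search"; // placeholder host

// Wrong for values: encodeURI keeps & = # + because they are URL-structural.
function naiveSearchUrl(base, value) {
  return `${base}?q=${encodeURI(value)}`;
}

// Right for values: encodeURIComponent escapes every delimiter inside the value.
function safeSearchUrl(base, value) {
  return `${base}?q=${encodeURIComponent(value)}`;
}

// What the receiving side sees after standard (WHATWG) URL parsing.
function receivedBy(urlString) {
  const url = new URL(urlString);
  return { params: Object.fromEntries(url.searchParams), fragment: url.hash };
}

// naive: the value is split into q and an extra parameter b, the tail is lost to the fragment
console.log(naiveSearchUrl(BASE, SAMPLE), receivedBy(naiveSearchUrl(BASE, SAMPLE)));
// safe: q arrives as the original string
console.log(safeSearchUrl(BASE, SAMPLE), receivedBy(safeSearchUrl(BASE, SAMPLE)));
// plus sign: an unencoded + is read back as a space by the query parser
console.log(receivedBy(naiveSearchUrl(BASE, "1+1")), receivedBy(safeSearchUrl(BASE, "1+1")));
```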

Is my data private?

Yes. We don't save any of the text or URLs you paste here. Nothing is stored, logged, or retained — whatever you encode or decode is discarded as soon as you close or refresh the tab. There's no record on our side of what you ran through the tool. Feel free to verify in your browser's developer tools.

Frequently asked questions

What is the difference between encodeURI and encodeURIComponent?

encodeURIComponent escapes everything that is not a letter, digit, or one of -_.!~*'(), so it is safe for individual query values and path segments. encodeURI leaves URL-reserved characters like :/?#&= alone, so it is for encoding an entire URL that already has structure. Use Component 95% of the time; use Full URL only when you have a mostly-valid URL with stray spaces or Unicode.

What characters actually need encoding in a query string?

The query string delimiters & and = must be encoded inside a value (otherwise they look like separators). Space becomes %20 or +. The # fragment marker must be encoded. Also encode /, ?, anything non-ASCII, and control characters. encodeURIComponent handles all of these; encodeURI leaves &, =, /, ?, # unencoded because they are URL-structural.

Why is my URL getting double-encoded?

Double-encoding happens when you encode a value that is already encoded. A space becomes %20, then the % itself becomes %25, giving %2520. It is usually caused by passing an already-encoded URL through encodeURIComponent again, or by a framework that auto-encodes on top of your manual encoding. Decode once and re-encode cleanly, or skip one layer.

How does this handle non-ASCII characters like emoji or accented letters?

JavaScript's encoders convert non-ASCII characters to UTF-8 bytes first, then percent-encode each byte. So é becomes %C3%A9 (two bytes) and an emoji like 😀 becomes %F0%9F%98%80 (four bytes). Decoding reverses the process. This is the standard RFC 3986 behaviour and works with every modern server.

Why does decoding fail with "URI malformed"?

decodeURIComponent throws when it sees an invalid percent sequence — a lone % not followed by two hex digits (e.g. %ZZ or just %), or UTF-8 byte sequences that are not valid (e.g. %C3 without a valid continuation byte). Common causes: a literal % in the input that was never encoded, or a string that was already decoded once and still has percent signs in it.
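
A decoder wrapper covering this answer and the double-encoding answer above: it decodes exactly one layer, reports why a decode failed instead of throwing, and flags output that still contains escapes. This is an added example, not this tool's own code; decodeStrict and lonePercents are illustrative names and the sample inputs are constructed.

```javascript
// Matches one well-formed percent escape.
const ESCAPE = /%[0-9A-Fa-f]{2}/;

// Offsets of every % that is not followed by two hex digits.
function lonePercents(input) {
  return [...input.matchAll(/%(?![0-9A-Fa-f]{2})/g)].map((m) => m.index);
}

// Decode exactly one layer. Bad input is reported, not thrown.
function decodeStrict(input) {
  try {
    const value = decodeURIComponent(input);
    // A remaining %XX means the input may have been encoded twice.
    return { ok: true, value, stillEncoded: ESCAPE.test(value) };
  } catch (err) {
    if (!(err instanceof URIError)) throw err;
    const at = lonePercents(input);
    // Well-formed escapes that still fail are bytes that are not valid UTF-8
    // (for example the Latin-1 form %E9 for é).
    const reason = at.length ? "lone-percent" : "invalid-utf8";
    return { ok: false, reason, at };
  }
}

// Constructed sample inputs.
const SAMPLES = ["caf%C3%A9", "hello%2520world", "100%", "%ZZ", "%E9"];
for (const s of SAMPLES) console.log(s, JSON.stringify(decodeStrict(s)));
```

Decoding once and checking stillEncoded, rather than decoding in a loop, keeps a legitimately encoded literal such as 100%25 from being decoded a second time and failing.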

Should spaces become + or %20?

Both are seen in the wild. %20 is correct everywhere — in paths, query strings, and fragments. The + shortcut only means "space" inside the application/x-www-form-urlencoded format used by HTML form submissions. This tool uses %20 because encodeURIComponent does. If you need + specifically, replace %20 with + after encoding.

Do you save the URLs or strings I encode here?

No. We don't save any of the text or URLs you paste into the box. Whatever you encode or decode is discarded the moment you close or refresh the tab — no logs, no record on our side of the values you ran through. You can verify in your browser's developer tools if you'd like.
