DevKits

URL Encoder & Decoder

Percent-encode and decode URLs online. Handles query strings, path segments, and special characters correctly.

Last updated:

51 chars

Type text above to percent-encode it for safe use in URLs, or paste an encoded string to decode it back. Auto-updates live.

What is URL Encode/Decode?

URL encoding (also called percent-encoding, RFC 3986) replaces bytes that have special meaning in URLs — like space, `&`, `=`, `?`, `#`, `/` — with `%XX` hex sequences. It's what makes it possible to put arbitrary text into query strings, path segments, and fragments without breaking the URL grammar.

How to URL encode or decode

  1. 1Choose Encode or Decode at the top.
  2. 2Paste your text or encoded URL into the input.
  3. 3The output updates live in the right panel.
  4. 4Optionally toggle 'encode reserved characters' if you're encoding a full URL vs a single component.

Use Cases

Build safe query strings

Search UIs, filter chips, and shareable URLs need each parameter value URL-encoded to survive special characters.

Debug redirect chains

OAuth `redirect_uri` values, SSO callbacks, and error URLs are often double-encoded. Decode to see the real target.

Compose API requests

Some APIs demand parameters in the path (`/search/{query}`). Encode the query first to avoid breaking on slashes and hashes.

Read email tracking URLs

Marketing links wrap the real destination inside a redirect service. Decode to see where a link actually goes.

Code Examples

URL encoding in JS

// For a full URL: leaves : / ? # alone
encodeURI("https://a.com/path?q=x y");
// For a single component: escapes everything
encodeURIComponent("hello world & friends");

URL encoding in Python

from urllib.parse import quote, quote_plus
quote("hello world")        # -> "hello%20world"
quote_plus("hello world")   # -> "hello+world"  (query string style)

URL encoding in Go

import "net/url"

url.QueryEscape("hello world")   // "hello+world"
url.PathEscape("hello world")    // "hello%20world"

URL encoding with jq

jq -Rr @uri <<< "hello world"      # "hello%20world"

Key Concepts

Reserved characters
The characters `: / ? # [ ] @ ! $ & ' ( ) * + , ; =` have special meaning. Encode them when they appear inside a value; leave them when they're structural.
encodeURI vs encodeURIComponent
`encodeURI` is for a whole URL — it preserves reserved characters. `encodeURIComponent` is for one field's value — it escapes everything except unreserved characters.
Space: %20 vs +
In paths, space is `%20`. In query strings, `+` is also accepted (from HTML form encoding, `application/x-www-form-urlencoded`). Servers accept both.
Double encoding
Encoding an already-encoded string produces `%2520` (which decodes to `%20`, not space). Almost always a bug. Decode once and check.

Tips & Best Practices

  • In code, always use the library — never hand-roll `str.replace(' ', '%20')`. There are dozens of characters to handle.
  • Use `encodeURIComponent` for query values and path segments. Use `encodeURI` only when encoding a full URL you assembled yourself.
  • If a URL has `%2520` in it, someone encoded twice. Common in ad-tracking and OAuth `state` params.
  • Fragments (`#...`) are never sent to the server — they're client-only. Don't rely on them for server-side routing.

Frequently Asked Questions

When should I URL-encode a value?

Whenever a value contains characters that have special meaning in URLs (such as space, &, =, ?, #, /) and is placed in a query string, path, or fragment.

What is the difference between encodeURI and encodeURIComponent?

encodeURI leaves reserved URL characters (:/?#) untouched — use it for full URLs. encodeURIComponent escapes them too — use it for individual query values or path segments. This tool uses encodeURIComponent by default.

Related Tools