URL Encoder & Decoder
Encode or decode URLs and query strings. Handle special characters for safe URL usage.
Encode text for safe inclusion in URLs (query strings, path segments, fragments) or decode percent-encoded URLs back to readable text. Distinguishes between encodeURIComponent (for values) and encodeURI (for full URLs), so you pick the right level of escaping. Handles Unicode correctly — emoji, non-Latin scripts, and accented characters all round-trip through UTF-8 percent-encoding.
URLs have a restricted character set — only letters, digits, and a few specific symbols are allowed unescaped. Anything else (spaces, punctuation, non-ASCII) must be percent-encoded as one or more bytes in %XX form. This matters because an unencoded space or ampersand in a query parameter can silently break a request, with the server splitting the value at an unexpected boundary.
There are two encoding modes: encodeURI escapes only characters that would break the URL structure but leaves reserved characters like /, ?, &, and = alone. encodeURIComponent is stricter — it escapes everything that isn't safe inside a single component, which is what you want when you're building a query string value or a path segment. A common bug is using encodeURI where encodeURIComponent was needed, leaving & signs unescaped in a value and accidentally creating extra query parameters.
Percent-encoding is per-byte UTF-8. A character like é is two bytes (%C3%A9), and emoji take up to four. Decoders that don't handle UTF-8 produce garbled text (mojibake). This tool decodes correctly in both directions.
- 1
Choose mode
Encode turns a readable string into percent-encoded form. Decode reverses a percent-encoded string back to readable text.
- 2
Pick the encoding level
Use 'component' (encodeURIComponent) for query values and path segments. Use 'URI' (encodeURI) when encoding a whole URL and you want reserved characters like /, ?, & to stay intact.
- 3
Paste your input
Drop in the text to encode or the URL to decode. The output updates live as you type.
- 4
Copy the result
Copy the encoded string into your URL, or paste the decoded value to read it comfortably.
Building query strings
Encode search terms, filter values, or user input before appending them to a URL, so ampersands and equals signs don't break parsing.
Debugging tracking URLs
Decode a complex tracking or affiliate link to see what parameters it actually carries.
Reading obfuscated links
Spam and phishing links often use heavy percent-encoding to hide their destination. Decoding reveals the actual URL.
API request URIs
Encode path parameters that contain user input — usernames, file names, or IDs that might include special characters.
What's the difference between encodeURI and encodeURIComponent?
encodeURI is meant for whole URLs and preserves reserved characters like /, ?, #, &, and =. encodeURIComponent escapes everything that isn't an unreserved character, making it safe for use as a single component value. Most of the time, you want encodeURIComponent.
Why do spaces become %20 sometimes and + other times?
%20 is the standard percent-encoding for a space. + is an older shortcut used specifically in application/x-www-form-urlencoded (form posts) where + means space. Use %20 when in doubt — it works everywhere, including query strings.
Does this handle non-Latin characters correctly?
Yes. Percent-encoding uses UTF-8, so characters like é, ñ, Arabic, Chinese, and emoji each encode to one or more %XX bytes. Decoding correctly reconstructs the original character.
Should I encode the whole URL or just the values?
Build the URL structure first with encodeURI on the full URL, or (safer) encode each query value with encodeURIComponent before assembling the query string. Never blindly encode an already-encoded URL — you'll double-encode and produce garbled output.
What characters are always safe in a URL?
Unreserved characters (A–Z, a–z, 0–9, hyphen, underscore, period, tilde) never need encoding. Reserved characters (!, *, ', (, ), ;, :, @, &, =, +, $, ,, /, ?, #, [, ]) sometimes do, depending on context.