URL Encoder / Decoder

Percent-encode text for URLs and query strings, or decode it back


Plain Text

Type here and the encoded version appears on the right.

Encoded

Paste percent-encoded text here to turn it back into plain text.

Type plain text on the left to percent-encode it for safe use in a URL, or paste encoded text on the right to decode it. A toggle lets you choose between encoding a single value and encoding a whole URL — a distinction that trips a lot of people up.

What is URL encoding?

URLs are only allowed to contain a limited set of characters — letters, digits, and a handful of symbols. Anything else (a space, an accented letter, or a character that has special meaning in a URL like &, ?, = or /) has to be percent-encoded: replaced with a % followed by its byte value in hexadecimal. A space becomes %20; an ampersand becomes %26. Non-English characters are first turned into their UTF-8 bytes, then each byte is percent-encoded.

encodeURIComponent vs encodeURI

This is the key decision:

Worked examples

hello worldhello%20world — the space is escaped.
Query value a&b=c → (component) a%26b%3Dc — the & and = are escaped so they aren't mistaken for query structure.
cafécaf%C3%A9 — the é is two UTF-8 bytes, each percent-encoded.

Frequently asked questions

Why is a space sometimes %20 and sometimes +?

Both appear. In the path and most URLs a space is %20. In HTML form submissions (application/x-www-form-urlencoded) a space is traditionally encoded as +. If you're building a query string by hand, prefer %20; when reading form data, treat + as a space.

Which function should I use?

Encode each value with encodeURIComponent and assemble the URL from the pieces. Use encodeURI only when you already have a full URL string to make safe. Encoding a full URL with encodeURIComponent would break it by escaping the :// and ?.

Is URL encoding a form of encryption?

No. Like Base64, it's a reversible representation with no secret — anyone can decode it (this tool will). It only makes text safe to put in a URL; it hides nothing.

Why did decoding fail?

The input has a stray % not followed by two valid hex digits, so it isn't valid percent-encoding.

Encode the parts, not the whole. The most common bug is running an entire URL through component-encoding (which mangles :// and separators) or, conversely, failing to encode a value that itself contains & or =. Encode individual values, then build the URL.