Skip to content

URL Encoder & Decoder with Built-in URL Parser

Paste a URL to decode or encode it in real time. Built-in URL parser breaks down every component into editable fields. Dual mode: encodeURI & encodeURIComponent. Private — no data sent to any server.

No Tracking Runs in Browser Free
Decoded
Encoded
Reviewed for RFC 3986 compliance, encodeURI/encodeURIComponent correctness, and UTF-8 encoding accuracy — Go Tools Engineering Team · Apr 7, 2026

What is URL Encoding (Percent Encoding)?

URL encoding, formally known as percent encoding, is a mechanism defined in RFC 3986 for representing characters in a Uniform Resource Identifier (URI) that are not allowed or have special meaning. It converts each unsafe byte into a percent sign (%) followed by two hexadecimal digits — for example, a space becomes %20, an ampersand becomes %26, and the Chinese character 中 becomes %E4%B8%AD (its three UTF-8 bytes, each percent-encoded).

URLs can only contain a limited set of characters from the ASCII character set. Letters, digits, and a handful of symbols (- _ . ~) are considered 'unreserved' and can appear as-is. All other characters — including spaces, punctuation, and the entire range of Unicode — must be percent-encoded to be safely transmitted in a URL. Reserved characters like ?, &, =, and # serve as structural delimiters in the URL syntax, so they must also be encoded when used as literal data rather than delimiters.

Percent encoding is essential throughout the web: browsers encode form submissions, APIs require encoded query parameters, OAuth flows depend on correctly encoded redirect URIs, and internationalized domain names rely on encoding for non-ASCII characters. Getting encoding wrong leads to broken links, security vulnerabilities (like open redirect attacks), and data corruption.

This tool provides both encodeURI and encodeURIComponent modes, a built-in URL structure parser, real-time conversion, and double-encoding detection — all running privately in your browser.

URL encoding is often used alongside other web development tools. You might need to Base64-encode a URL for embedding in a JWT token or API payload, or format JSON data that contains URL strings to inspect their structure.

// Encode a query parameter value
const param = encodeURIComponent('hello world & goodbye');
console.log(param); // → 'hello%20world%20%26%20goodbye'

// Encode a full URL (preserves structure)
const url = encodeURI('https://example.com/path name?q=hello world');
console.log(url); // → 'https://example.com/path%20name?q=hello%20world'

// Decode a percent-encoded string
const decoded = decodeURIComponent('hello%20world%20%26%20goodbye');
console.log(decoded); // → 'hello world & goodbye'

// Build a URL with encoded parameters
const base = 'https://api.example.com/search';
const query = `?q=${encodeURIComponent('你好')}&lang=zh`;
console.log(base + query); // → 'https://api.example.com/search?q=%E4%BD%A0%E5%A5%BD&lang=zh'

Key Features

Dual Encoding Modes

Switch between encodeURI (preserves URL structure) and encodeURIComponent (encodes everything for parameter values) to match your exact use case.

Built-in URL Parser

Automatically breaks down any URL into protocol, host, port, path, query parameters, and fragment — each field is editable and can be rebuilt into a new URL.

Real-Time Conversion

Encode and decode instantly as you type — no buttons to click, results appear immediately in the other area with every keystroke.

100% Browser-Based

All processing happens locally in your browser using native JavaScript APIs. Your data never leaves your device — no server uploads, no tracking.

Full UTF-8 Support

Correctly handles Chinese, Japanese, Korean, Arabic, emoji, and any Unicode text through proper UTF-8 byte encoding and decoding.

Double Encoding Detection

Automatically detects and warns about double encoding issues like %2520 (a percent-encoded %20), helping you avoid one of the most common URL encoding mistakes.

Examples

Decode Garbled URL

https%3A%2F%2Fexample.com%2Fsearch%3Fq%3Dhello%20world%26lang%3Den
https://example.com/search?q=hello world&lang=en

A fully percent-encoded URL is decoded back to its human-readable form, revealing the original query parameters and structure

Chinese Characters

https://example.com/search?q=你好世界
https://example.com/search?q=%E4%BD%A0%E5%A5%BD%E4%B8%96%E7%95%8C

Chinese characters are converted to their UTF-8 byte sequences and percent-encoded

Query Parameters

https://example.com/api?name=John Doe&role=admin&lang=en&sort=date desc
https://example.com/api?name=John%20Doe&role=admin&lang=en&sort=date%20desc

Spaces and special characters in query parameter values are percent-encoded while preserving URL structure

Full URL

https://user:pass@example.com:8080/path/to/page?key=value&arr[]=1#section-2
https://user:pass@example.com:8080/path/to/page?key=value&arr%5B%5D=1#section-2

A complete URL with credentials, port, path, query parameters with brackets, and a fragment identifier

OAuth Redirect URI

https://auth.example.com/authorize?redirect_uri=https://myapp.com/callback?code=abc&state=xyz
https://auth.example.com/authorize?redirect_uri=https%3A%2F%2Fmyapp.com%2Fcallback%3Fcode%3Dabc%26state%3Dxyz

The redirect_uri value itself contains a full URL that must be encoded so that its special characters are not interpreted as part of the outer URL

How to Use

  1. 1

    Enter a URL or Encoded String

    Paste a URL in the decoded area to encode it, or paste a percent-encoded string in the encoded area to decode it. Select encodeURI or encodeURIComponent mode depending on your use case.

  2. 2

    See Results and Parsed Structure

    The other area updates instantly as you type. The URL parser breaks down the URL into protocol, host, port, path, query parameters, and fragment — all editable.

  3. 3

    Copy or Rebuild

    Click Copy to copy the encoded or decoded result. Edit individual URL components and click Rebuild to construct a new URL from the modified parts.

Common Errors

Double Encoding (%2520 instead of %20)

Double encoding occurs when an already-encoded URL is encoded again. The % in %20 gets encoded to %25, turning %20 into %2520. This breaks the URL because the server sees a literal %20 string instead of a space.

✗ Wrong 
https://example.com/path%2520with%2520spaces
✓ Correct 
https://example.com/path%20with%20spaces

Space Encoded as + in Path Segments

The + character represents a space only in application/x-www-form-urlencoded format (query strings from HTML forms). In URL path segments, + is interpreted as a literal plus sign, not a space. Always use %20 for spaces in path segments.

✗ Wrong 
https://example.com/my+file+name.pdf
✓ Correct 
https://example.com/my%20file%20name.pdf

Using encodeURI on Query Parameter Values

encodeURI() does not encode &, =, or other reserved characters, so using it on a parameter value that contains these characters corrupts the query string structure.

✗ Wrong 
encodeURI('key=value&more')  → 'key=value&more' (& not encoded!)
✓ Correct 
encodeURIComponent('key=value&more')  → 'key%3Dvalue%26more'

Assuming Non-UTF-8 Encoding

Some legacy systems use encodings like Latin-1 or Shift-JIS for URL parameters. Modern standards require UTF-8. Decoding a Shift-JIS encoded parameter with a UTF-8 decoder produces corrupted text.

✗ Wrong 
Decoding %82%B1%82%F1 as UTF-8 (this is Shift-JIS for こん)
✓ Correct 
Using UTF-8: %E3%81%93%E3%82%93 correctly decodes to こん

Encoding Relative Paths Without Context

Encoding a relative path like ../images/photo.jpg with encodeURIComponent turns the slashes and dots into percent-encoded sequences, breaking the path structure. Use encodeURI() or encode only the individual path segments.

✗ Wrong 
encodeURIComponent('../images/photo.jpg')  → '..%2Fimages%2Fphoto.jpg'
✓ Correct 
Encode each segment: '../images/' + encodeURIComponent('my photo.jpg')

Common Use Cases

Debugging Garbled URLs
Decode percent-encoded URLs from server logs, error messages, or browser dev tools to read the original human-readable text.
API Development
Encode query parameter values for REST API calls, ensuring special characters like &, =, and spaces don't break the request URL.
OAuth Flow Setup
Properly encode redirect_uri and other URL parameters in OAuth authorization URLs to prevent authentication failures.
Internationalized URLs
Encode and decode URLs containing Chinese, Japanese, Korean, Arabic, or other non-ASCII characters for internationalized web applications.
Marketing Link Analysis
Decode tracking URLs from email campaigns and advertising platforms to understand the embedded UTM parameters and redirect chains.
URL Structure Inspection
Parse complex URLs into their component parts — protocol, host, port, path, query parameters, and fragment — for analysis and modification.

Technical Details

RFC 3986 Reserved & Unreserved Characters
RFC 3986 defines unreserved characters (A-Z, a-z, 0-9, -, ., _, ~) that never need encoding, and reserved characters (:, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, =) that serve as URI delimiters and must be percent-encoded when used as data.
UTF-8 Byte Encoding Flow
Non-ASCII characters are first converted to their Unicode code point, then encoded as UTF-8 bytes (1-4 bytes depending on the code point range), and finally each byte is percent-encoded as %XX. For example: é (U+00E9) → UTF-8 bytes C3 A9 → %C3%A9. The emoji 🎉 (U+1F389) → UTF-8 bytes F0 9F 8E 89 → %F0%9F%8E%89.
URL vs URI Terminology
A URI (Uniform Resource Identifier) is the general term for any identifier string. A URL (Uniform Resource Locator) is a URI that also specifies the access mechanism (like https://). The encoding rules in RFC 3986 apply to all URIs. JavaScript's API uses the URI terminology (encodeURI, decodeURI), while everyday usage favors URL.

Best Practices

Use the Right Mode for the Job
Use encodeURIComponent() for individual query parameter keys and values. Use encodeURI() only when you have a complete URL and want to encode unsafe characters without breaking its structure. Never use encodeURI() on parameter values that may contain &, =, or other reserved characters.
Avoid Double Encoding
Before encoding a string, check whether it is already encoded. Look for existing % sequences. Encoding an already-encoded string turns %20 into %2520, %3D into %253D, and so on. If you're unsure, decode first, then encode once.
Decode on the Server Side
Most web frameworks automatically decode URL parameters before your application code sees them. Avoid manually decoding parameters that your framework has already decoded — this can cause issues if the original value contained literal percent sequences.
Encode Values for OAuth and API Signing
OAuth 1.0 signature base strings and many API signing algorithms require strict RFC 3986 percent encoding. Use encodeURIComponent() and then replace any remaining characters that it doesn't encode (like !, ', (, ), *) with their percent-encoded equivalents if the spec requires it.

Frequently Asked Questions

What is URL encoding and why is it necessary?
URL encoding (percent encoding) converts unsafe characters into %XX hex sequences so they can be safely included in URLs. Characters like spaces, ampersands, and non-ASCII text must be encoded because they would otherwise break URL structure or be misinterpreted by browsers and servers. Defined in RFC 3986, this mechanism works because URLs can only contain a limited set of US-ASCII characters — letters (A-Z, a-z), digits (0-9), and a few symbols like hyphens, underscores, periods, and tildes. Any character outside this safe set is encoded as a percent sign (%) followed by two hexadecimal digits representing the character's byte value. For example, a space becomes %20, a forward slash becomes %2F, and an ampersand becomes %26. Characters like &, =, ?, and # have special structural meaning in URLs — they delimit query parameters, fragments, and other components. Without encoding, a literal & in a parameter value would be misinterpreted as a parameter separator, breaking the URL structure entirely.
What is the difference between encodeURI and encodeURIComponent?
encodeURI() encodes a full URL while preserving structural characters like :, /, ?, and #. encodeURIComponent() encodes everything except letters, digits, and - _ . ~, making it the correct choice for encoding individual query parameter values. Use encodeURIComponent() for parameter keys and values, and encodeURI() only for complete URLs. For example, encodeURI('https://example.com/path name') produces 'https://example.com/path%20name', preserving the :// and /. encodeURIComponent() is far more aggressive — it encodes :, /, ?, #, &, and =. If you used encodeURI() on a parameter value that contained an ampersand, the & would pass through unencoded and be misinterpreted as a parameter separator. encodeURIComponent() would correctly encode it as %26. Mixing these up is one of the most common causes of URL-related bugs in web applications.
Is URL encoding the same as HTML encoding?
No. URL encoding converts characters to %XX hex sequences for URLs (RFC 3986), while HTML encoding converts characters to entities like & and < for HTML documents. They serve completely different purposes and should never be interchanged. URL encoding is for data transport within URLs — a space becomes %20. HTML encoding is for safely displaying content in HTML — an ampersand becomes &. A common mistake is to apply HTML encoding to URL parameters or vice versa. For example, encoding a space as   in a URL would not work — it must be %20 or +. Similarly, using %3C in HTML text instead of < would not achieve the desired escaping.
Why does my URL break when I use it in a curl command?
The shell interprets special URL characters before curl sees them: & runs commands in background, ? triggers globbing, and # starts a comment. Fix this by wrapping the URL in single quotes: curl 'https://example.com/api?key=value&page=2#section'. Single quotes prevent the shell from interpreting any special characters. The ampersand (&) is the most common culprit — it tells the shell to run the preceding command in the background, splitting your URL at the first & and discarding everything after it. Alternatively, you can escape individual characters with backslashes, but quoting the entire URL is simpler and less error-prone. If your URL also contains single quotes, use double quotes instead and escape any embedded dollar signs or backticks.
Why do Chinese characters become strings like %E4%B8%AD in URLs?
Chinese characters are first converted to UTF-8 bytes, then each byte is percent-encoded as %XX. The character 中 (U+4E2D) becomes three UTF-8 bytes (E4, B8, AD), producing %E4%B8%AD — that's why one Chinese character expands to 9 characters in a URL. This three-step process — character to Unicode code point, code point to UTF-8 bytes, bytes to percent-encoded hex — applies to all non-ASCII characters. Emoji often require 4 UTF-8 bytes and thus expand to 12 characters when percent-encoded. When the URL is decoded, the reverse happens: the hex values are converted back to bytes, the bytes are interpreted as UTF-8, and the original characters are restored.
Should I encode the OAuth redirect_uri parameter?
Yes, always encode it with encodeURIComponent(). The redirect_uri is a full URL embedded as a query parameter value, so its special characters (?, &, =) must be encoded to prevent them from being misinterpreted as part of the outer URL's structure. For example, redirect_uri=https://myapp.com/callback?code=abc&state=xyz without encoding would cause the authorization server to see redirect_uri as only https://myapp.com/callback?code=abc, while state=xyz would be parsed as a separate parameter of the outer URL. The correctly encoded version is redirect_uri=https%3A%2F%2Fmyapp.com%2Fcallback%3Fcode%3Dabc%26state%3Dxyz.
What is the difference between Node.js querystring and URLSearchParams?
Use URLSearchParams for new projects — it's the WHATWG standard, matches browser behavior, and works identically in Node.js and browsers. The querystring module is legacy and no longer actively developed. Key differences: URLSearchParams encodes spaces as + (form encoding standard), handles repeated keys via getAll(), and provides an iterable interface with entries(), keys(), and values() methods. The querystring module encodes spaces as %20 and has quirks with array handling (key=1&key=2 becomes { key: ['1', '2'] }). URLSearchParams is standards-compliant and recommended by the Node.js documentation itself.
How do I encode a URL in Python, JavaScript, and Java?
JavaScript: encodeURIComponent('hello world') produces 'hello%20world'. Python: urllib.parse.quote('hello world') produces 'hello%20world'. Java: URLEncoder.encode('hello world', StandardCharsets.UTF_8) produces 'hello+world' (replace + with %20 for RFC 3986). In JavaScript, use encodeURIComponent() for parameter values and encodeURI() for full URLs. In Python 3, use urllib.parse.quote() for path segments and urllib.parse.urlencode() for query parameters — urlencode({'q': 'hello world'}) produces 'q=hello+world'. In Java, note that URLEncoder uses form encoding (spaces as +). For building complete URIs, use java.net.URI or the URIBuilder class from Apache HttpClient.
Which characters are not encoded by URL encoding?
RFC 3986 defines 66 unreserved characters that never need encoding: A-Z, a-z, 0-9, hyphen (-), period (.), underscore (_), and tilde (~). These can appear literally in any part of a URL. Reserved characters — :, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ;, and = — are allowed in their structural roles (like ? for query strings) but must be percent-encoded when used as literal data. In JavaScript, encodeURIComponent() encodes everything except A-Z a-z 0-9 - _ . ~ and ! ' ( ) *, while encodeURI() additionally preserves reserved characters that serve as URL delimiters.
What is the difference between + and %20 for encoding spaces?
Both represent a space, but %20 is the universally safe choice. The + convention comes from HTML form encoding (application/x-www-form-urlencoded) and only works in query strings. In URL path segments, + is a literal plus sign, not a space. When in doubt, use %20. The + encoding originates from the HTML specification — when browsers submit forms, spaces become + and the + character itself becomes %2B. The %20 encoding comes from RFC 3986 (URI syntax), where every non-unreserved character is encoded as a percent sign followed by two hex digits. %20 works in all parts of a URL: path, query, and fragment.
How does URL encoding handle emoji?
A single emoji typically expands to 12 characters in a URL. Emoji are converted to UTF-8 bytes (usually 4 bytes), then each byte is percent-encoded as %XX. For example, 🚀 (U+1F680) becomes %F0%9F%9A%80. Most emoji use code points in the range U+1F000 to U+1FFFF or higher, which require 4 bytes in UTF-8. Some emoji with skin tone modifiers or ZWJ sequences consist of multiple code points and can expand to 30+ characters when encoded. Despite this expansion, the encoding is fully reversible — decoding %F0%9F%9A%80 correctly produces 🚀.
Can URL encoding be used for encryption or security?
No. URL encoding is not encryption and provides zero security. It is a fully reversible, deterministic transformation — anyone can decode a percent-encoded string instantly without any key or secret. It exists solely to escape special characters for safe URL transport. Treating URL encoding as obfuscation or security is a dangerous misconception. Sensitive data like passwords, tokens, or personal information should be protected by HTTPS (TLS encryption of the entire request), not by URL encoding. Additionally, URLs often appear in server logs, browser history, and referrer headers, so sensitive data should generally be sent in request bodies rather than URLs.
What is the maximum length of a URL?
There is no official maximum, but keep URLs under 2,000 characters for maximum compatibility. Most browsers support ~2,048 characters, Apache defaults to 8,190 bytes, and Nginx to 8,192 bytes. For large data, use POST requests instead. The HTTP specifications (RFC 7230) do not define a maximum URL length, but practical limits exist at every layer. Chrome and Firefox can handle URLs exceeding 100,000 characters, while IIS limits query strings to 16,384 bytes. CDNs and proxies may have even stricter limits. When URL encoding expands characters — especially non-ASCII text — a seemingly short URL can quickly approach these limits.
What is the difference between a URL and a URI?
A URI (Uniform Resource Identifier) is any string that identifies a resource. A URL (Uniform Resource Locator) is a URI that also specifies how to access it via a protocol like https://. All URLs are URIs, but not all URIs are URLs — for example, a URN like urn:isbn:0451450523 identifies a book by ISBN but doesn't tell you where to find it. In everyday web development, the terms URL and URI are often used interchangeably. The encoding rules defined in RFC 3986 apply to both. JavaScript's functions are named encodeURI/decodeURI, reflecting the broader URI terminology, even though most developers work exclusively with URLs.

Related Tools

View all tools →

Base64 Decoder & Encoder

Encoding & Formatting

Decode and encode Base64 online for free. Real-time conversion with full UTF-8 and emoji support. 100% private — runs in your browser. No signup needed.

JSON Formatter & Validator

Encoding & Formatting

Format, validate and beautify JSON instantly in your browser. Free online tool with syntax validation, error detection, minify and one-click copy. 100% private.

Number Base Converter — Binary, Hex, Decimal & Octal

Conversion Tools

Convert numbers between binary, hexadecimal, decimal, octal, and any custom base (2-36) instantly. Free, private, no sign-up — all processing happens in your browser.

Compress Images Online — JPEG, PNG & WebP

Conversion Tools

Reduce image size up to 80% — compress JPEG, PNG & WebP in your browser, no upload needed. Batch 20 images, adjust quality, compare before & after. Free & private.

Length Unit Converter — Metric, Imperial & More

Conversion Tools

1 inch = 2.54 cm, 1 foot = 0.3048 m, 1 mile = 1.609 km. Convert between 16 length units instantly — metric, imperial, nautical & astronomical. Free, private, runs in your browser.

MD5 Hash Generator & File Checksum Tool

Security Tools

Generate MD5, SHA-256, SHA-1 & SHA-512 hashes online for free. Hash text or files in your browser, verify checksums and copy results. No signup needed.