Free Online URL Encoder & Decoder Tool

Encode and decode URLs, query strings, and special characters online for free. Supports both encodeURIComponent and encodeURI methods with real-time conversion. Perfect for web developers, API testing, form submissions, and safe URL transmission.

Key Features

🔐 encodeURIComponent

Encode query parameters safely
Handle form data values
Escape special characters
Preserve alphanumerics and safe chars
Most commonly used method

🌐 encodeURI

Encode complete URLs
Preserve URL structure
Keep protocol and domain
Maintain path separators
Ideal for full URIs

🔓 Decode Functions

decodeURIComponent
decodeURI
Automatic error detection
Invalid format warnings
Instant validation

⚡ Real-Time Processing

Auto-encode/decode on input
300ms debounce
Live character count
Encoded chars tracking
Instant feedback

💾 Export Options

Download as .txt file
Export as .html
Save as .json format
Copy to clipboard
Multiple formats

🔄 Utility Features

Swap input/output
Sample URL templates
Clear all button
Mode switching
Dark mode support

Why Use Our URL Encoder?

100% Free & No Limits: Encode and decode unlimited URLs without registration, subscriptions, or restrictions.

Privacy Protected: All encoding happens in your browser using JavaScript. No URLs are uploaded to servers or logged anywhere.

Real-Time Conversion: Automatic encoding/decoding as you type with instant visual feedback and character counts.

4 Encoding Methods: Support for encodeURI, encodeURIComponent, decodeURI, and decodeURIComponent for all use cases.

Developer Friendly: Built for developers with sample URLs, swap functionality, and multiple export formats.

Error Handling: Automatic detection and clear error messages for invalid encoded strings.

How to Encode URLs

Choose Encoding Method: Select encodeURIComponent (for parameters) or encodeURI (for full URLs).
Enter URL or Text: Paste or type your URL, query string, or text into the input area.
Auto-Encode: The tool automatically encodes your input in real-time as you type.
Review Output: See the encoded result with % character counts in the output panel.
Copy or Download: Click "Copy" to clipboard or "Download" to save as TXT, HTML, or JSON.

How to Decode URLs

Select Decode Mode: Choose decodeURIComponent or decodeURI based on your input type.
Paste Encoded URL: Enter your URL-encoded string (with % characters) into the input.
Auto-Decode: The tool automatically decodes and validates the input string.
Check for Errors: Invalid encoded strings will show error messages explaining the issue.
Use Decoded Result: Copy or download the human-readable decoded text.

What is URL Encoding?

URL encoding (also called percent encoding) converts characters into a format that can be safely transmitted over the internet. Special characters are replaced with "%" followed by two hexadecimal digits representing the character's ASCII code. This ensures URLs work correctly regardless of the characters they contain.

Why URL Encoding is Necessary:

Special Characters: URLs can only safely contain certain characters (A-Z, a-z, 0-9, and a few special ones). Other characters must be encoded.

Spaces: Spaces in URLs are encoded as "%20" or "+" (in query strings). "Hello World" becomes "Hello%20World".

Reserved Characters: Characters like &, =, ?, #, / have special meaning in URLs and must be encoded when used as data.

Non-ASCII Characters: Unicode characters (accents, Chinese, Arabic, emojis) must be percent-encoded for safe transmission.

encodeURIComponent vs encodeURI

encodeURIComponent: Encodes ALL special characters except: A-Z a-z 0-9 - _ . ! ~ * ' ( ). This is the most aggressive encoding and should be used for query parameters, form values, and any user data that will be part of a URL. For example, encoding "name=John&age=30" prevents the & from being interpreted as a parameter separator.

encodeURI: Encodes fewer characters, preserving URL structure characters like : / ? # [ ] @ ! $ & ' ( ) * + , ; =. Use this when encoding a complete URL that already has the correct structure. For example, encodeURI preserves "https://" and "?" so the URL remains valid.

When to Use Which: Use encodeURIComponent for values within URLs (query params, path segments). Use encodeURI for complete URLs when you want to encode only non-ASCII characters while preserving the URL structure.

Common Use Cases

Query Parameters: Encode search terms, filter values, and user input for URL query strings. Example: ?search=hello%20world&category=web%20tools ensures special characters don't break the URL.

Form Submissions: Encode form data before sending via GET requests. Spaces, ampersands, equals signs, and special characters in form values must be encoded to prevent parsing errors.

API Requests: Encode parameters for REST API calls, webhook URLs, and API endpoint paths. Ensures data integrity when passing user input to APIs.

Dynamic URLs: Build URLs programmatically with user-provided data. Encoding prevents injection attacks and ensures URL validity regardless of input.

Sharing URLs: Encode URLs for email, social media, or messaging apps. Some platforms may corrupt URLs with special characters if not properly encoded.

Redirect URLs: Encode destination URLs when implementing redirects or OAuth callbacks. Ensures the full redirect URL is preserved as a single parameter value.

Perfect For

Web developers
API developers & testers
Backend developers
Frontend developers
Full-stack developers
QA engineers

DevOps engineers
SEO specialists
Marketing professionals
Technical writers
Students learning web dev
System integrators

Characters That Get Encoded

Space: %20 (or + in query strings)

Special Characters: ! = %21, # = %23, $ = %24, % = %25, & = %26, + = %2B

Punctuation: , = %2C, / = %2F, : = %3A, ; = %3B, ? = %3F, @ = %40

Brackets: [ = %5B, ] = %5D, ( = %28, ) = %29, { = %7B, } = %7D

Quotes: " = %22, ' = %27, ` = %60

Other: < = %3C, > = %3E, \ = %5C, | = %7C, ~ = %7E

Pro Tips for URL Encoding

Always Encode User Input: Never trust user input - always encode it before adding to URLs to prevent security issues and parsing errors.
Use Correct Method: Use encodeURIComponent for values, encodeURI for complete URLs. Using the wrong one can break your URL structure.
Decode Once: Don't decode multiple times. Double-decoding can cause unexpected results and security vulnerabilities.
Handle Plus Signs: In query strings, + can represent spaces. Be aware of context when decoding.
Test Edge Cases: Test with spaces, special characters, Unicode, emojis, and very long strings to ensure robust handling.
UTF-8 Encoding: Modern browsers use UTF-8 for URL encoding. Ensure your server expects UTF-8 encoded URLs.
Avoid Double Encoding: Check if a string is already encoded before encoding again to prevent %25 (encoded %) issues.
URL Length Limits: Be aware that encoding increases URL length. Browsers have limits (typically 2000-8000 characters).
Case Sensitivity: Encoded characters use uppercase hex digits (%20 not %2a) by convention, though both work.

Common URL Encoding Examples

Original: "hello world" → Encoded: "hello%20world"

Original: "user@email.com" → Encoded: "user%40email.com"

Original: "50% off" → Encoded: "50%25%20off"

Original: "a&b=c" → Encoded: "a%26b%3Dc"

Original: "/path/to/file" → Encoded (Component): "%2Fpath%2Fto%2Ffile"

Original: "café" → Encoded: "caf%C3%A9"

Best Practices for Web Developers

Encode in the Right Layer: Encode at the presentation layer (browser/client) before sending to server.
Consistent Encoding: Use the same encoding method consistently throughout your application.
Server-Side Validation: Always validate and sanitize decoded URLs on the server side for security.
Document Your API: Clearly specify whether API endpoints expect URL-encoded parameters or not.
Framework Helpers: Use built-in encoding functions from your framework rather than rolling your own.
Handle Errors Gracefully: Catch decoding errors and provide meaningful error messages to users.
Test International Characters: Ensure your encoding handles UTF-8, accented characters, and non-Latin scripts correctly.
Consider URL Length: For very long data, consider using POST instead of GET to avoid URL length limitations.

Troubleshooting Common Errors

"URI malformed" Error: This occurs when decoding an invalid percent-encoded string. Check for incomplete percent sequences (% not followed by two hex digits) or invalid hex values.

Double Encoding Issues: If you see %2520 (encoded space encoded again), you're encoding twice. Remove the extra encoding step.

Plus Signs Not Working: + is space in query strings but literal + elsewhere. Use %20 for spaces in most cases to avoid confusion.

Special Characters Not Encoding: Make sure you're using encodeURIComponent, not encodeURI, for user input and parameter values.

Security Considerations

Prevent XSS Attacks: URL encoding is NOT sufficient to prevent XSS attacks. Always use proper output escaping for different contexts (HTML, JavaScript, CSS).

Validate Decoded Data: After decoding, validate the data against expected patterns. Don't trust decoded user input without validation.

Open Redirect Vulnerabilities: When using URLs in redirects, validate that decoded URLs point to trusted domains to prevent open redirect attacks.

SQL Injection: URL encoding doesn't protect against SQL injection. Use parameterized queries regardless of whether input was URL-encoded.

🔒 Privacy & Security

All URL encoding and decoding is performed entirely in your web browser using JavaScript. Your URLs and data are never uploaded to our servers, stored, logged, or transmitted to any third party. Everything happens locally on your device, ensuring complete privacy for your URLs, API endpoints, and sensitive query parameters.

URL Encoder & Decoder

Input

Output

URL Encoding Explained

Complete Guide to URL Encoding & Decoding