Encode or decode URLs and percent-encoded text instantly. Pick between encodeURIComponent (for query values), encodeURI (for full URLs), or application/x-www-form-urlencoded (form-style with + for spaces). Includes auto-detect mode and a URL parser that breaks any URL into protocol, host, path, query and hash with a query parameter table. Free, runs in your browser, no signup.
URL encoding (also called percent encoding) is the mechanism web browsers and servers use to safely transmit characters that would otherwise have special meaning in a URL — spaces, ampersands, slashes, non-ASCII characters and many others. Each problematic character is replaced by a % followed by its hexadecimal byte value. A space becomes %20, an ampersand becomes %26, an "é" becomes %C3%A9 (UTF-8 byte sequence). This standard is defined in RFC 3986.
You need URL encoding any time you put user input, JSON, or non-ASCII text into a URL — a query string, a path segment, or an API call. Without encoding, a space in a search query like ?q=hello world would break the URL. With encoding, it becomes ?q=hello%20world and reaches the server intact.
JavaScript provides two built-in functions, and picking the right one is the most common source of URL encoding bugs:
encodeURIComponent(s) — encodes ALL reserved characters including : / ? & = #. Use this for individual query string values, path segments, or anywhere a substring will be embedded inside a URL.encodeURI(s) — encodes only characters that are NEVER valid in a URL (spaces, non-ASCII, etc.) but PRESERVES the URL structure characters (: / ? & = #). Use this on a complete URL string that already has its structure correctly assembled.The general rule: if you're building a URL piece-by-piece from raw data, use encodeURIComponent on each piece before joining. If you have a pre-assembled URL with raw spaces or accented characters that need cleaning, use encodeURI.
Form encoding is a slight variant used when submitting HTML form data (the default content type for POST forms without multipart/form-data). It differs from encodeURIComponent in exactly one way: spaces are encoded as + instead of %20. Everything else is identical. You'll see this format in query strings of search forms and old POST endpoints. Modern HTTP libraries handle the conversion automatically — but when you're debugging by hand, the + can be confusing.
encodeURIComponent. Bug. The slashes and colons get mangled into %2F and %3A and the URL becomes a single broken string when concatenated.encodeURIComponent twice produces %2520 for a space (the % itself got encoded to %25). Common when middleware encodes once and the app encodes again "just in case".= in key=value separately as %3D. Now your query parser sees one big key and no value.+ means space in form encoding. Decoding form-encoded data with decodeURIComponent alone leaves + intact instead of turning them into spaces.%E9 (Latin-1) instead of %C3%A9 (UTF-8). Modern web is UTF-8 only.When your input looks like a valid URL, this tool also breaks it down into its components using the browser's native URL API: protocol, host, port, pathname, search (query string), hash and origin. Query parameters are extracted into a table with each key/value pair shown decoded. This is useful for inspecting complex query strings, debugging routing, or building a new URL from scratch.
hello world & friends
→
hello%20world%20%26%20friendshttps://example.com/search?q=hello world
→
https://example.com/search?q=hello%20world
(slashes, colon, ?, = preserved)hello world
→
hello+world
(used in form POST bodies and some search URLs)URL encoding is the mechanism for safely embedding characters into URLs that would otherwise have special meaning or be invalid. Each problematic character is replaced by a % followed by its hex byte value. A space becomes %20, an ampersand %26. The standard is RFC 3986.
encodeURIComponent encodes everything including URL structure characters (: / ? & = #) — use it for individual query values or path segments. encodeURI preserves those structure characters — use it on a complete URL string. Picking the wrong one is the #1 URL encoding bug.
The form encoding variant (application/x-www-form-urlencoded) encodes spaces as + instead of %20. HTML form POSTs use this format by default, and many search engines still use it in query strings. Outside form contexts, always use %20.
Double-encoding happens when text is URL-encoded twice — a space first becomes %20, then the % itself gets encoded to %25, producing %2520. To avoid it: encode exactly once. If you suspect input is already encoded, use the auto-detect mode of this tool or use the Decode tab to peel off one layer.
Per RFC 3986, the "unreserved" characters are safe and never need encoding: A-Z, a-z, 0-9, and - _ . ~. Everything else — spaces, punctuation, accented letters, emojis, non-ASCII — needs percent-encoding when used in a URL component. The exception is "reserved" characters used in their structural role (e.g. ? separating the query, / in a path) which must NOT be encoded.
decodeURIComponent throws an error when it encounters a malformed percent sequence — for example %ZZ (invalid hex) or %E2%82 (incomplete UTF-8 sequence missing the third byte). This tool catches the error and displays it. The fix is either to repair the input or to handle the error in your code with try/catch.
The parser uses your browser's native URL object, which implements the same parsing rules as the address bar. It breaks any valid URL into protocol, host, port, pathname, search (query string), hash and origin. Query parameters are extracted into a key/value table, with each value already decoded. If the input isn't a valid URL, the parser stays hidden.
Yes. Everything runs entirely in your browser using JavaScript's built-in encodeURIComponent, encodeURI and URL APIs. No text is sent to any server, no signup is required. Your last input is optionally saved in localStorage on your device so you can come back to it later.