RevealTheme logo

URL Encoder & Decoder

Convert text to URL-safe percent encoding and back, using the browser's own encodeURIComponent and decodeURIComponent functions. Useful for query strings, redirects, and OAuth redirect_uri values.

How to use this tool

  1. 1

    Choose a mode with the Encode or Decode button at the top (Encode is selected by default).

  2. 2

    Type or paste your text into the input box — a raw value to encode, or a percent-encoded string to decode.

  3. 3

    Click Run to convert the text; the result appears in the monospace box below.

  4. 4

    Copy the output from the result box, or switch modes and click Run again to reverse the conversion.

What is URL encoding and when do you need it?

URL encoding (also called 'percent encoding', specified in RFC 3986) is the process of converting characters that have special meaning in URLs — or characters that aren't safe in URLs at all — into a '%XX' hexadecimal escape sequence. The URL spec reserves certain characters for structural meaning: '?' starts the query string, '#' starts the fragment, '&' separates query parameters, '/' separates path segments, and so on. If user input contains any of those characters and you embed it raw in a URL, the parser misinterprets it. URL encoding sidesteps this by replacing every reserved or unsafe character with its hex byte representation prefixed by '%'. A space becomes %20, '&' becomes %26, '=' becomes %3D. Non-ASCII characters (Cyrillic, Chinese, emoji) become multi-byte UTF-8 sequences with each byte percent-encoded. Browsers handle this automatically when you click a link, but anytime you construct a URL programmatically — building a search query, a redirect target, an OAuth callback, a webhook signature — you must encode user-provided values first. This tool uses the same encodeURIComponent / decodeURIComponent functions your JavaScript code would, so the behavior matches production exactly.

Common use cases

  • Encode user search terms before appending to a search URL (?q=user+input).

  • Pass an OAuth redirect_uri parameter safely to an authorization server.

  • Construct webhook URLs that include encoded JSON payloads in the query string.

  • Encode a 'returnTo' URL so it survives being passed through other URLs.

  • Decode the encoded values you see in browser address bars after form submission.

  • Test how a malformed URL parses — encode a special character and see what happens.

Frequently asked questions

When should I URL-encode?
Always encode user-provided values before putting them into a URL — query parameters, path segments, or fragments. Failing to encode is one of the most common sources of subtle bugs: the value 'cats & dogs' breaks a query string until encoded as 'cats%20%26%20dogs'.
What's the difference between encodeURI and encodeURIComponent?
encodeURI is for whole URLs — it leaves structural characters like '/', '?', '&', '=' alone because they have meaning in a URL. encodeURIComponent is for parts of URLs (query values, path segments) — it encodes everything that isn't an alphanumeric. Use encodeURIComponent on individual query values; never use encodeURI on a user-provided query value (it won't escape '&', breaking your query string).
What's URL-safe Base64 vs URL encoding?
Different concepts. URL encoding (this tool) is character-by-character substitution of special chars. URL-safe Base64 is a Base64 variant that uses '-' and '_' instead of '+' and '/' so the result is already URL-safe without further encoding.
Why does '+' sometimes decode to space?
In application/x-www-form-urlencoded (form submissions), '+' is shorthand for a space. Most decoders preserve this. In modern URI parsing, '%20' is the proper space encoding. decodeURIComponent treats '+' as literal '+'; use decodeURI or a form-decoder to convert '+' to space.
How are non-ASCII characters encoded?
First converted to UTF-8 bytes, then each byte is percent-encoded. So 'café' becomes 'caf%C3%A9' — 'é' is two UTF-8 bytes (0xC3 0xA9). This tool handles UTF-8 correctly; some legacy tools encode using Latin-1 instead, which produces different output.
Is URL encoding the same as HTML entity encoding?
No. URL encoding (%XX) escapes characters for URLs. HTML entity encoding (&, <) escapes characters for HTML markup. The contexts are different — encoding one in the other context is a common XSS bug.
What happens if I try to decode an invalid percent sequence?
decodeURIComponent throws a URIError on malformed input — for example a lone '%' or '%ZZ' that isn't a valid hex escape. This tool catches that error and shows it as 'Error: ...' in the output box instead of crashing, so you can fix the input and run again.
Is my data uploaded anywhere?
No. The conversion runs entirely in your browser using the built-in encodeURIComponent and decodeURIComponent functions. Your text is never sent to a server, so it is safe to paste tokens, signed URLs, or other sensitive values.

Related tools