Skip to content
snip tools

URL encode and decode

Percent-encode text for URLs or decode it back. Runs entirely in your browser.

Runs 100% in your browser

How to URL encode or decode

  1. Choose a mode. Encode to percent-encode text, or Decode to reverse it.
  2. Enter your text. Paste the value or encoded string; the output updates live.
  3. Copy the result. Click Copy to use it in your URL.

Why URLs need encoding

A URL can only contain a limited set of characters, and a handful of those — /, ?, &, =, # — carry structural meaning: they separate the path, start the query string, divide parameters, and mark the fragment. So when a value you want to put inside a URL contains one of those characters, or a space, an accent or an emoji, it has to be escaped — otherwise the value would be misread as structure and break the link. Percent-encoding solves this by replacing each offending byte with a % followed by its two-digit hex code: a space becomes %20, an ampersand %26. This is the everyday job behind building query strings by hand, debugging redirect chains, and passing structured data through a URL.

Reserved, unreserved, and UTF-8

The standard (RFC 3986) splits characters into groups. The unreserved set — letters, digits and - _ . ~ — is always safe and is never touched. Reserved characters are the structural delimiters above; they're left alone when they're acting as structure and escaped when they're part of a value. Everything else is escaped. For characters beyond ASCII, the text is first converted to its UTF-8 bytes and each byte is encoded separately, which is why a single accented letter or emoji can expand into several percent-escapes — and why decoding has to reassemble those bytes to recover the original character.

encodeURIComponent vs. encodeURI, and the classic pitfalls

The most common mistake is using the wrong encoder. encodeURIComponent — what this tool uses — escapes the reserved delimiters too, so it is correct for a single piece of a URL, like one query-parameter value. encodeURI preserves the delimiters and is meant for an entire URL you don't want to dismantle. Encode each value with the component encoder, then assemble the URL from the pieces. Two other traps to watch: double-encoding (running an already-encoded string through again turns %20 into %2520 — encode exactly once), and the +-versus-%20 ambiguity, where + means a space in a query string but a literal plus in a path. When in doubt, encode spaces as %20.

Encoding is not the same as encrypting

Percent-encoding only makes text transport-safe; it hides nothing and anyone can decode it instantly, so never rely on it to protect a value in a URL. It also runs entirely in your browser here — nothing is uploaded. URL encoding sits alongside a few related transforms: the Base64 tool makes binary data text-safe, the HTML entity encoder escapes text for HTML rather than URLs, and the UTM builder assembles correctly-encoded campaign links for you. Doing it in code? Our guide to URL encoding in JavaScript explains encodeURIComponent vs encodeURI and the +-versus-%20 trap.

Frequently asked questions

What is URL encoding?
URL (percent) encoding replaces characters that are unsafe or reserved in a URL with a percent sign followed by their hex code — for example a space becomes %20. It lets you safely put arbitrary text in query strings and paths.
What is the difference between encodeURI and encodeURIComponent?
This tool uses encodeURIComponent, which also encodes the reserved characters & ? / = # — correct when encoding a single query-parameter value, because those characters would otherwise change the URL's structure. encodeURI leaves them intact, which is for encoding a whole URL you don't want to break apart. Rule of thumb: encode each value with encodeURIComponent, then assemble the URL.
Which characters actually need encoding?
The "unreserved" set — A–Z, a–z, 0–9 and - _ . ~ — is always safe and never encoded. Everything else is either reserved (it has a structural meaning, like / or ?) or unsafe (spaces, accents, emoji, control characters) and should be percent-encoded when it appears inside a value rather than as structure.
Why does my decoded "+" turn into a space?
In query strings, + historically means a space (a legacy of HTML form submission, the application/x-www-form-urlencoded format). This decoder converts + to a space before decoding, matching how servers read form data. In a path segment, by contrast, + is a literal plus — which is exactly the kind of ambiguity that makes %20 the safer way to encode a space everywhere.
Why does my value have %2520 in it?
That is double-encoding: a %20 got encoded a second time, turning its % into %25. It happens when an already-encoded string is passed through an encoder again. Encode exactly once, at the point where you insert a raw value into the URL.
Does it handle Unicode and emoji?
Yes. Characters are converted to their UTF-8 bytes first and each byte is percent-encoded, so "São Paulo" or an emoji round-trips correctly. That is why one non-ASCII character can become several percent-escapes.
Does this run in my browser?
Yes — it uses the native encodeURIComponent/decodeURIComponent functions locally. Nothing is sent anywhere.