Skip to content
Scratchpad
Your text never leaves your browser

URL Encode/Decode

Percent-encode your URLs. Or un-percent-encode them. Both verbs are ugly.

Input
Output

What this does

DEVS: encodeURIComponent() / decodeURIComponent(). Plus encodeURI() for full URLs. Browser built-ins.

URLs have a strict character set. RFC 3986 reserves characters like ?, &, =, #, /, and : for structural purposes. If your actual data contains any of those (a search query with an ampersand, a filename with spaces, a redirect URL as a parameter), they need to be percent-encoded or the URL breaks. This tool does that conversion, and decodes it back when you need to read the result.

There are two encoding modes and picking the right one matters. "Encode" uses encodeURIComponent, which encodes everything except unreserved characters (letters, digits, hyphens, underscores, periods, tildes). This is what you want for individual values: query parameters, form fields, path segments. "Encode Full URL" uses encodeURI, which leaves the URL structure intact (keeps the colons, slashes, question marks, hash signs) and only encodes characters that aren't valid anywhere in a URL. Use it when you have a complete URL with international characters in it, not when you're building query strings piece by piece.

Double-encoding is the classic pitfall. You encode a string, then pass it to a function that encodes it again, and suddenly %20 becomes %2520. If you're seeing percent signs in your decoded output, something in the chain encoded it twice. Decode once, check the result, and if it still looks encoded, decode again. Not elegant, but it happens often enough that it's worth knowing the pattern.

This comes up constantly when building URLs by hand. Redirect URLs passed as query parameters need encoding so the inner URL's & and = characters don't collide with the outer URL's parameters. OAuth callbacks, payment return URLs, tracking links. Get it wrong and the receiving server parses half your redirect URL as its own query string. Get it right and everything routes where it should.

International characters (accented letters, CJK characters, emoji) get UTF-8 encoded first, then each byte gets percent-encoded. So ñ becomes %C3%B1 (two bytes in UTF-8, two percent-encoded pairs). This is also how international domain names work under the hood, though browsers and DNS use a separate system called Punycode for the domain part. For the path and query string, percent-encoding is the standard.

Your text stays in your browser. No server, no API, no logs. Paste a messy query string, decode it to read the parameters, tweak what you need, encode it back. Copy grabs the result. That's the whole workflow.