URL Encode/Decode
Percent-encode your URLs. Or un-percent-encode them. Both verbs are ugly.
What this does
URLs have a strict character set. Characters like ?, &, =, #, and / are reserved for structural purposes. If your actual data contains any of those, they need percent-encoding or the URL breaks. This tool does that conversion, and reverses it when you need to read the result.
Common use cases
Building redirect URLs. OAuth callbacks, payment return URLs, tracking links. A redirect URL passed as a query parameter needs encoding so its & and = characters don't collide with the outer URL's parameters.
Debugging messy query strings. Paste an encoded URL, decode it, read the actual parameter values. Tweak what you need, encode it back.
Handling international characters. Accented letters, CJK characters, emoji. They all get UTF-8 encoded first, then each byte gets percent-encoded.
Things to know
Two encoding modes, and picking the right one matters. "Encode" uses encodeURIComponent, which encodes everything except unreserved characters. Use this for individual values: query parameters, form fields, path segments. "Encode Full URL" uses encodeURI, which leaves the URL structure intact and only encodes characters that aren't valid anywhere in a URL.
Double-encoding is the classic pitfall. You encode a string, pass it to a function that encodes it again, and %20 becomes %2520. If you're seeing percent signs in your decoded output, something encoded it twice. Decode once, check the result, decode again if needed.
Privacy
Your text stays in your browser. No server, no API, no logs. Encode and decode freely.
Questions
When do I need to URL-encode something?
Any time your data contains characters a URL treats as structure: ?, &, =, #, /, or a space. Encode the value so the browser reads it as content instead of as part of the URL. Query parameters and anything user-typed are the usual suspects.
What's the difference between encodeURIComponent and encodeURI?
encodeURIComponent encodes a single value, so it escapes ?, &, =, and / too. encodeURI assumes you handed it a whole URL and leaves that structure alone. Use the component version for query parameters, the full-URL version for an entire link. This tool gives you both.
Why am I seeing %2520 in my output?
Something encoded it twice. A space becomes %20, then the % gets encoded again into %25, leaving %2520. Decode once, check what you've got, and decode again only if it's still encoded.
Is it safe to put a password or token in a URL?
Treat it as not safe. URLs end up in server logs, browser history, and Referer headers, so anything in the query string tends to get written down somewhere. Encoding makes a value URL-safe, not secret.