We use cookies to understand how DevToolsHub is used and to improve your experience. You can choose which types of cookies to allow.
Encode and decode URL strings with percent-encoding.
Loading...
Loading...
URL encoding, also known as percent-encoding, is a mechanism for representing characters in a URL that would otherwise be unsafe, uninterpretable, or reserved for special meaning. The URL specification ( RFC 3986 ) defines a limited set of characters that can appear in a URL without encoding: the unreserved characters A–Z, a–z, 0–9, -, _, ., ~, and a set of reserved characters like :/?#[]@!$'()*+,;= that serve as delimiters within the URL structure.
Any character outside the allowed set is encoded as a percent sign (%) followed by two hexadecimal digits representing the character's byte value in UTF-8. For example, a space character becomes %20, an exclamation mark becomes %21, and the emoji 🎉 becomes %F0%9F%8E%89 (four bytes in UTF-8). This ensures that any character — including non-ASCII text, symbols, and control characters — can be safely transmitted as part of a URL.
A common source of confusion is the distinction between encoding a full URL and encoding a URL component. When you encode a full URL, you want to preserve structural characters like ://?&=# so the URL remains navigable. When you encode a single query parameter value, you want to encode everything except a minimal safe set, because a value like & or = inside the value would be misinterpreted as a delimiter. JavaScript's built-in encodeURI and encodeURIComponent functions address these two cases respectively, and our tool provides both modes.
URL encoding is essential whenever you construct URLs dynamically — for example, when redirecting users with query parameters, building API endpoints with user-supplied data, or constructing links that include search terms, filters, or localized content. Without proper encoding, characters like spaces, ampersands, and non-ASCII text can break the URL or cause servers to misinterpret the request, leading to errors, security vulnerabilities (such as injection attacks), or garbled data.
://?&=#.+@/-_~!'()*) so full URLs remain readableA–Z a–z 0–9 - _ . ~) for maximum safetycafé becomes caf%C3%A9.Loading...