Question 1

What is URL encoding?

Accepted Answer

URL encoding (percent encoding) converts characters that are not allowed in URLs into a format that can be safely transmitted. Each unsafe character is replaced with a % sign followed by its two-digit hexadecimal code. For example, a space becomes %20 and an ampersand & becomes %26. This is defined by RFC 3986.

Question 2

What is percent encoding?

Accepted Answer

Percent encoding is the technical term for URL encoding. It gets its name from the % character used as a prefix for encoded bytes. Every non-ASCII character or reserved URL character is encoded as one or more %XX sequences, where XX is the hexadecimal value of the byte. For example, the emoji 🌍 encodes to %F0%9F%8C%8D.

Question 3

When should I use encodeURIComponent?

Accepted Answer

Use encodeURIComponent() when encoding individual parts of a URL that will be included as query parameter values. It encodes everything except letters, digits, and - _ . ! ~ * ' ( ). Use it for: query string values, redirect URL parameters, OAuth callback URLs, and any value that will be embedded inside another URL parameter.

Question 4

What is the difference between URI and URL encoding?

Accepted Answer

A URL (Uniform Resource Locator) is a specific type of URI (Uniform Resource Identifier) that includes the protocol and location. In practice, 'URL encoding' and 'URI encoding' refer to the same percent-encoding process defined by RFC 3986. encodeURI() preserves URL structure characters like ://?=&#, while encodeURIComponent() encodes them all.

Question 5

Can URL encoding improve security?

Accepted Answer

Yes, indirectly. Proper URL encoding helps prevent certain injection attacks by ensuring special characters are treated as literal data rather than control characters. It prevents URL injection, helps mitigate some XSS vectors when encoding user input placed in href attributes, and ensures query parameters are properly isolated from URL structure.

Question 6

Why do spaces become %20?

Accepted Answer

The hexadecimal value of a space character (ASCII code 32) in hex is 20, so it becomes %20 in percent encoding. Some older form submission systems use + as a shorthand for space, but %20 is the RFC 3986 standard for URLs. Always prefer %20 over + in URL paths and query strings for maximum compatibility.

Question 7

How do I decode encoded URLs?

Accepted Answer

Paste your percent-encoded URL into the input panel and switch to Decode mode. The tool uses JavaScript's native decodeURIComponent() or decodeURI() function to convert %XX sequences back to their original characters. For structured URLs, use the URL Breakdown panel to parse protocol, domain, path, query parameters, and hash separately.

Question 8

Is my data uploaded anywhere?

Accepted Answer

No. All URL encoding and decoding runs entirely in your browser using JavaScript's native encodeURIComponent(), encodeURI(), decodeURIComponent(), and decodeURI() functions. No text is sent to any server, logged, or stored. It is safe to encode API keys, credentials, sensitive redirect URLs, and private parameters.

Character	encodeURI()	encodeURIComponent()	Context
https://	Preserved	Encoded %3A%2F%2F	encodeURI preserves protocol
?query=x	Preserved	Encoded	encodeURI preserves query structure
hello world	hello%20world	hello%20world	Both encode spaces
#section	Preserved	Encoded %23section	Use encodeURIComponent for values
a&b=c	Preserved	a%26b%3Dc	Encode param values with URIComponent
email@x.com	email@x.com	email%40x.com	@ is safe in URI but encoded in Component

URL Encoder & Decoder Online

🔒 Privacy First — 100% Client-Side Processing

What Is URL Encoding?

encodeURI vs encodeURIComponent

Common URL Encoding Mistakes

Frequently Asked Questions