URL Encoder/Decoder
Encode and decode URLs instantly. Handle special characters, spaces, and symbols safely in web addresses, query parameters, and API requests.
URL encoding is used to safely transmit data in URLs and web forms.
URL Encoding Examples
Common Characters
Space    %20
!        %21
@        %40
#        %23
?        %3F
&        %26
Use Cases
- URL query parameters with special characters
- Form data submission to servers
- API requests with text parameters
- Email links with pre-filled content
- Search engine query strings
- Social media sharing URLs
Complete URL Example
Original:
https://example.com/search?q=hello world&category=tech&tags=web development
Encoded Parameters:
https://example.com/search?q=hello%20world&category=tech&tags=web%20development
When to Use URL Encoding
Web Development
- Query Parameters: When passing data through URL parameters
- Form Submissions: Encoding form data for GET requests
- API Requests: Safely passing text in URL endpoints
- Search Queries: Encoding search terms with special characters
- File Names: Handling files with spaces or symbols in URLs
Common Scenarios
- Social Sharing: URLs with pre-filled content
- Email Links: mailto: links with subject and body
- Analytics: Tracking URLs with campaign parameters
- Redirects: Passing destination URLs as parameters
- Webhooks: Encoding callback URLs with data
URL Encoding Rules
Reserved Characters
These characters have special meaning in URLs and must be encoded when used as data:
: (colon)        %3A
/ (slash)        %2F
? (question)     %3F
# (hash)         %23
& (ampersand)    %26
= (equals)       %3D
@ (at sign)      %40
+ (plus)         %2B
Safe Characters
These characters don't need encoding in URLs:
Letters: A-Z a-z
Numbers: 0-9
Unreserved: - _ . ~
Encoding Format
URL encoding uses percent-encoding format: %XX
where XX is the two-digit hexadecimal value of each byte of the character's ASCII/UTF-8 encoding.
Practical Examples
Search Query URLs
Original Search:
"web development" tutorials
Encoded URL:
https://search.com?q=%22web%20development%22%20tutorials
Email Links
Email Content:
Subject: "Hello & Welcome!"
Body: "Thank you for signing up!"
Encoded mailto Link:
mailto:[email protected]?subject=Hello%20%26%20Welcome!&body=Thank%20you%20for%20signing%20up!
Social Media Sharing
Share Text:
Check out this awesome tool! https://example.com #coding
Twitter Share URL:
https://twitter.com/intent/tweet?text=Check%20out%20this%20awesome%20tool!%20https%3A%2F%2Fexample.com%20%23coding
Best Practices
✅ Do
- Always encode user input before adding to URLs
- Encode entire query parameter values, not individual characters
- Use proper encoding functions in your programming language
- Test URLs with special characters thoroughly
- Document which parameters expect encoded values
- Validate decoded URLs for security purposes
❌ Don't
- Double-encode already encoded strings
- Manually construct encoded URLs without validation
- Assume all characters are safe in URLs
- Forget to decode parameters on the receiving end
- Mix encoding types (URL vs HTML vs Base64)
- Trust user-provided encoded data without validation
Programming Examples
JavaScript
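// Encoding (text is any string value destined for a URL)
const text = "hello world & more";
const encoded = encodeURIComponent(text);
// Decoding
const decoded = decodeURIComponent(encoded);
// Build URL with parameters (URLSearchParams encodes each value; spaces become "+")
const params = new URLSearchParams({
  q: "hello world",
  category: "web & mobile"
});
const url = `/search?${params}`;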
Python
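import urllib.parse

# Encoding (safe="" also encodes "/", which quote() leaves unescaped by default)
text = "hello world & more"
encoded = urllib.parse.quote(text, safe="")
# Decoding
decoded = urllib.parse.unquote(encoded)
# Build URL with parameters (urlencode encodes each value; spaces become "+")
params = urllib.parse.urlencode({
    'q': 'hello world',
    'category': 'web & mobile'
})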
Security Considerations
Input Validation
- Always validate decoded URLs before use
- Check for malicious characters or patterns
- Implement length limits on encoded parameters
- Sanitize decoded content before displaying
- Use allowlists for expected URL patterns
Common Attacks
- XSS: Encoded JavaScript in parameters
- Path Traversal: Encoded ../ sequences
- CRLF Injection: Encoded newline characters
- Open Redirects: Malicious redirect URLs
- Parameter Pollution: Multiple encoded parameters
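
The Input Validation checks above applied on the receiving end, as an added example (not code from this page or tool): decode exactly once, then reject double encoding, control characters, traversal segments and redirect hosts that are not allowlisted. The function names, MAX_LEN and the example.com allowlist are assumptions made for illustration, and rejecting any leftover %XX after one decode is a deliberately strict policy.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumed policy values for this sketch; tune them per application.
MAX_LEN = 2048
ALLOWED_REDIRECT_HOSTS = {"example.com"}
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def decode_param(raw: str) -> str:
    """Decode a percent-encoded value exactly once, then vet the result."""
    if len(raw) > MAX_LEN:
        raise ValueError("encoded parameter exceeds length limit")
    # errors="strict": malformed UTF-8 raises UnicodeDecodeError (a ValueError)
    value = unquote(raw, errors="strict")
    if PCT_ESCAPE.search(value):
        # e.g. %252e%252e%252f -> %2e%2e%2f: a second decode downstream
        # would turn this into ../ after our checks have already run
        raise ValueError("double-encoded input")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character (CR, LF, NUL, ...) in value")
    return value


def safe_relative_path(raw: str) -> str:
    """Accept only relative paths that stay below their base directory."""
    value = decode_param(raw)
    if value.startswith("/") or "\\" in value or ".." in value.split("/"):
        raise ValueError("path traversal attempt")
    return posixpath.normpath(value)


def safe_redirect(raw: str) -> str:
    """Accept only absolute https URLs whose host is on the allowlist."""
    value = decode_param(raw)
    if "\\" in value:  # browsers treat "\" like "/", urlsplit does not
        raise ValueError("backslash in redirect target")
    parts = urlsplit(value)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError("redirect target not on allowlist")
    return value
```

Each function raises ValueError on rejection, so a caller can map every failure to a single 400 response without echoing the decoded value back.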