When should I use encodeURIComponent vs encodeURI?

Use encodeURIComponent for individual values (query params, path segments). Use encodeURI only when you have a complete URL and want to preserve its structure.

What's the difference between %20 and +?

Both represent a space, but %20 is standard percent-encoding while + is used specifically in application/x-www-form-urlencoded (HTML form) data.

Is URL encoding the same as Base64?

No. URL encoding uses % sequences and is designed for URLs. Base64 converts binary to ASCII text and is used for data transport.

URL Encoder / Decoder

Processed locally · Never leaves your browser

Encode or decode URLs and URL components. Supports both encodeURI (full URL) and encodeURIComponent (query values) modes.

Input

Output

What gets encoded?

encodeURIComponent

Encodes everything except: A-Z a-z 0-9 - _ . ! ~ * ' ( )

Use for: query values, path segments, form data

encodeURI (full URL)

Preserves URL structure: : / ? # [ ] @ ! $ & ' ( ) * + , ; =

Use for: complete URLs where you want to keep the structure intact

Common Encodings

Space→%20

&→%26

=→%3D

+→%2B

/→%2F

?→%3F

#→%23

@→%40

Runs entirely in your browser — nothing is uploaded

Runs in your browser

Next steps

Base64 Converter

Recommended

Encode or decode Base64 in one click — works with text and files.

HTML Encoder / Decoder

Recommended

Encode HTML special characters to entities and decode them back.

JSON Formatter

Instantly format, validate, or minify JSON — spot errors in seconds.

JWT Decoder

Decode JWT tokens and inspect header, payload, claims, and expiry instantly.

View all tools →

Runs entirely in your browser. No uploads. Your files stay private.

What Is URL Encoding?

URL encoding, formally percent-encoding, is the mechanism RFC 3986 defines for representing characters in a URI that fall outside the small set permitted in URI syntax. Every encoded byte appears as a percent sign followed by two uppercase hex digits — so a space becomes %20, an ampersand %26, an at sign %40. Multibyte characters (Unicode code points above U+007F) are encoded as their UTF-8 byte sequence, each byte percent-encoded in turn.

JavaScript provides two complementary functions and this tool exposes both. encodeURIComponent encodes every character that is not in the small unreserved set (A-Z, a-z, 0-9, hyphen, underscore, period, exclamation, tilde, asterisk, single quote, parentheses). It is the right choice for values you intend to drop into a query parameter, a path segment, or a form field, because it escapes the structural characters &, =, /, ?, # that would otherwise be misinterpreted as URI syntax.

encodeURI is the gentler cousin. It assumes the input is already a complete URL and so preserves the structural characters that make a URL parseable: : / ? # [ ] @ ! $ & ' ( ) * + , ; =. Use it when you have a free-form string that resembles a URL and want to make it transport-safe without breaking its structure. Crucially, encodeURI does not encode &, =, or ? — feeding user input through encodeURI when you meant encodeURIComponent is one of the most common sources of broken pagination links.

There is a subtle but important difference between %20 and +. Both decode to a space, but they belong to different specs. RFC 3986 percent-encoding always uses %20. The application/x-www-form-urlencoded media type — what HTML forms POST by default and what URLSearchParams emits in the browser — uses + for spaces. JavaScript's encodeURIComponent follows RFC 3986 (%20); URLSearchParams.toString uses form-urlencoded (+). When debugging encoding issues, identify which spec is in play.

Decoding is the reverse: decodeURIComponent walks the string, replaces every %XX with the corresponding byte, and reinterprets the byte stream as UTF-8. Malformed input — a stray % not followed by two hex digits, or a sequence that does not produce valid UTF-8 — throws URIError. The tool surfaces those errors so you can find the bad byte instead of silently producing mojibake.

Common encoding gotchas in production: don't double-encode (passing already-encoded text through encodeURIComponent again produces sequences like %2520 for what should be %20); don't trust the browser to encode for you when you build URLs by string concatenation in fetch calls; and watch out for the literal plus sign in user input — it must be encoded as %2B in form data or it will be silently turned into a space on the receiving end. The URL and URLSearchParams APIs handle most of this correctly when used in their canonical form.

All processing in this tool happens through the four built-in functions (encodeURI, encodeURIComponent, decodeURI, decodeURIComponent). Nothing leaves the browser, nothing is logged, and the bundle is tiny because no library is involved.

Common Use Cases

Building query strings

Encode user-supplied search terms or filter values before concatenating them into a URL.

REST API requests

Encode path segments and query values when assembling API URLs from arbitrary input.

Sharing links with special characters

Encode URLs containing spaces, slashes, or non-ASCII characters before pasting into chat or email.

Form-data debugging

Inspect application/x-www-form-urlencoded payloads to verify what the browser actually sent.

Frequently Asked Questions

Use encodeURIComponent for any individual value going into a URL — query parameters, path segments, fragment strings. Use encodeURI only on already-formed URLs where you want to preserve the structural characters (: / ? # & = + and so on).

Both decode to a space, but they come from different specs. %20 is RFC 3986 percent-encoding (used by encodeURIComponent). + is application/x-www-form-urlencoded (used by HTML form submissions and URLSearchParams.toString). The two are not interchangeable in all contexts — passing + through decodeURIComponent leaves it as a literal plus.

No. URL encoding escapes individual problematic characters with percent sequences and remains human-readable for ASCII text. Base64 converts arbitrary bytes to a 64-character alphabet and is meant for binary transport. Sometimes you Base64-encode binary first, then URL-safe-encode the result.

decodeURIComponent throws when it sees a malformed sequence: a percent not followed by two hex digits, or a byte stream that does not decode to valid UTF-8. Find the bad byte by scanning for % characters that are not followed by exactly two hex characters.

Each Unicode character is first encoded as UTF-8, then each byte is percent-encoded. The character é (U+00E9) is two UTF-8 bytes 0xC3 0xA9, which percent-encodes to %C3%A9. The character emoji like a heart 0x1F49C is four UTF-8 bytes and produces 12 percent-encoded characters.

Often yes. new URL(input, base) and URLSearchParams handle most edge cases and prevent double-encoding bugs. Drop down to encodeURIComponent only when you are concatenating values into a string by hand and need precise control.

You get double encoding. The percent sign in %20 itself becomes %25, so the sequence turns into %2520. Web servers will then decode it once back to %20 and treat it as the literal text rather than a space. Always track which side of the wire your string is on.

RFC 3986 unreserved characters (A-Z, a-z, 0-9, hyphen, underscore, period, tilde) are safe everywhere. encodeURIComponent treats !*'() as also safe, which differs slightly from RFC 3986. Reserved characters always need encoding when they appear in a value rather than in their structural role.

Yes. Each non-ASCII byte expands to three characters (%XX). A long Unicode-heavy parameter can blow past server URL length limits — most servers cap requests at around 8 KB of headers, and proxies sometimes truncate sooner. For long payloads, use POST.

No. The four encode/decode functions are built into JavaScript and run entirely in your browser. Nothing is logged or transmitted.