URL Encoder / Decoder
Percent-encode and decode URLs — in your browser
This URL Encoder / Decoder converts text to percent-encoding and back. URLs can only contain a limited set of characters — spaces, accents, Greek letters, emoji, and symbols like & or ? must be escaped as %-sequences (%20 for a space) or they break the URL.
Two encode modes cover the two real-world cases: Encode (encodeURIComponent) escapes everything including / and & — use it for a value going into a query string. Encode URL (encodeURI) leaves the URL structure characters :/?&=# intact — use it to clean up a whole URL that contains spaces or unicode.
Decoding also handles the legacy +-for-space convention used in form submissions. And as with every tool here, everything runs locally in your browser — URLs often contain tokens and session IDs that shouldn't be pasted into someone's server.
Example
You want to link to a search for "blue sneakers & socks": example.com/search?q=…
Encoding the value gives blue%20sneakers%20%26%20socks. Without it, the & would end the parameter early and the search would silently become just "blue sneakers".
Frequently Asked Questions
What is URL encoding (percent-encoding)?
A way to represent characters that aren't allowed in URLs: each byte becomes % followed by two hex digits. A space becomes %20, an ampersand %26, the Greek α becomes %CE%B1 (its UTF-8 bytes). Defined in RFC 3986, it keeps URLs unambiguous across every browser and server.
What is the difference between encodeURIComponent and encodeURI?
encodeURIComponent escapes everything except letters, digits and -_.!~*'() — use it for individual values (query parameters, path segments). encodeURI leaves URL structure characters :/?#&=+ untouched — use it on complete URLs. Encoding a full URL with encodeURIComponent breaks it; encoding a parameter with encodeURI leaves dangerous characters in.
Why does a space sometimes become %20 and sometimes +?
Two standards: %20 is the RFC 3986 encoding, valid everywhere in a URL. The + convention comes from HTML form submissions (application/x-www-form-urlencoded) and is only interpreted as a space in the query string. When decoding, this tool converts + to space; when encoding, it produces the universal %20.
Which characters must be encoded in a URL?
Anything outside A–Z, a–z, 0–9 and -._~ needs encoding when used as data: spaces, quotes, <>, {}, |, ^, backslash, and all non-ASCII (accents, Greek, Chinese, emoji). Reserved characters :/?#[]@!$&'()*+,;= are legal but only in their structural roles — as data values they must be escaped too.
Why is my URL parameter cut off after an & or #?
Because those characters have structural meaning: & separates parameters and # starts the fragment. If your value contains them unencoded, the URL parser ends your parameter there. Encode the value first — & becomes %26, # becomes %23 — and it arrives intact.
How do I decode a URL with %20 and other %-codes?
Paste it above and click Decode. Each %XX sequence is converted back to its character, multi-byte UTF-8 sequences (like %CE%B1 for α) are reassembled, and + signs are treated as spaces. If you see a 'malformed' error, the string contains a stray % that isn't part of a valid sequence.
What is double encoding and why is it a problem?
Encoding already-encoded text: %20 becomes %2520 (the % itself gets escaped as %25). It happens when two layers of code both encode. The symptom is literal %20 appearing in displayed text. Fix: encode exactly once, at the point where the value enters the URL. To repair a double-encoded string, decode it twice.
Do I need to encode URLs with Greek or other non-Latin characters?
For machine use yes — under the hood, non-ASCII characters are always transmitted percent-encoded (as UTF-8 bytes). Modern browsers display them decoded in the address bar for readability, but when you paste such a URL into code, an API call, or an HTML attribute, encoding it makes it universally safe.
Is it safe to paste URLs with tokens into this tool?
Yes — encoding and decoding run entirely in your browser's JavaScript. Nothing is transmitted or logged. That matters because URLs routinely embed session tokens, API keys and personal data in their parameters.
How do I encode a URL in JavaScript / Python / Excel?
JavaScript: encodeURIComponent(value). Python: urllib.parse.quote(value) — use quote_plus for form-style. PHP: rawurlencode(). Excel: ENCODEURL(). All produce the same %-sequences as this tool; use it to spot-check what your code should output.
Why do URLs from Google or social media look like gibberish?
They're heavily percent-encoded: tracking parameters, redirect targets (full URLs nested inside a parameter — encoded so their own & and / don't break the outer URL), and non-Latin text. Paste one into the decoder above to read what it actually contains — often revealing the real destination of a redirect link.
What is the maximum length of a URL?
No formal limit exists, but practical ones do: browsers and CDNs commonly cap around 2,000–8,000 characters, and old IE stopped at 2,083. Percent-encoding triples the length of non-ASCII text, so long unicode parameters can hit limits fast — worth checking after encoding.