URL Encoder & Decoder
Percent-encode and decode URLs and query strings. Choose encodeURIComponent for parameter values or encodeURI for whole URLs. Runs entirely in your browser.
https%3A%2F%2Fwrrk.space%2Fsearch%3Fq%3Dhello%20world%26tag%3Dfast%20%26%20easy
About this tool
WRRK's URL encoder uses the browser's native encodeURIComponent and encodeURI functions, so the output exactly matches what JavaScript, fetch, axios, and modern HTTP clients produce. Pick the right variant: encodeURIComponent aggressively escapes everything that has structural meaning in a URL — perfect for query parameter values. encodeURI leaves URL syntax characters intact — use it when you want to clean up a whole URL like a shareable link.
The decoder catches malformed percent sequences (a common bug when user input contains literal % signs) and reports the failing position. Everything happens in your browser — your URLs and tokens never leave the page, which is essential when debugging signed URLs, OAuth callbacks, or query strings that contain auth state.
How to URL-encode (5 steps)
- Pick a mode. Encode (text → percent encoded) or Decode (percent encoded → text).
- Pick a variant. encodeURIComponent for query parameter values (most common). encodeURI for an entire URL where syntax characters like / and ? must stay intact.
- Paste your input. Input updates the output live as you type. The tool handles UTF-8, emoji, and accented characters correctly.
- Read the result. If the input is malformed (lone % without hex pair), you'll see a clear error explaining where decoding failed.
- Copy or swap. Click Copy for the clipboard, or Swap to round-trip the output back through the tool.
Use cases
- Encoding query parameters that contain spaces, ampersands, or quotes
- Building OAuth redirect URIs and PKCE state values
- Debugging signed URLs from S3, Cloudfront, or Stripe
- Constructing wa.me, mailto:, sms:, or upi:// deep links
- Decoding referrer URLs from analytics dashboards
- Encoding non-ASCII text (emoji, Devanagari, Arabic) for share links
- Preparing GET request parameters from copy-pasted user input
Frequently asked questions
+−What is URL encoding (percent encoding)?
URL encoding replaces unsafe characters in a URL with a percent sign followed by their hex code — for example a space becomes %20, a question mark becomes %3F. It exists because URLs can only contain a limited set of ASCII characters; anything else has to be escaped.
+−What is the difference between encodeURI and encodeURIComponent?
encodeURI escapes only the characters that should never appear in any URL (space, quotes, etc.) but leaves URL syntax characters alone (: / ? # & =). encodeURIComponent escapes everything that has special meaning in a URL component, so it's safe for query parameter values. Use encodeURIComponent when encoding a single value, encodeURI when encoding a whole URL.
+−When should I URL-encode a query string?
Whenever a parameter value can contain spaces, ampersands, equals signs, plus signs, slashes, or non-ASCII characters. Without encoding, those characters either break the URL or are interpreted as syntax — the most common bug is an unencoded & in the middle of a value silently splitting it into a new parameter.
+−Why do I get 'URI malformed' when decoding?
decodeURIComponent fails on lone percent signs that aren't followed by valid hex pairs (for example a literal % in user input). If your source includes literal percent signs, encode them as %25 before decoding the rest.
+−Does URL encoding handle Unicode characters?
Yes. Both encodeURIComponent and decodeURIComponent are UTF-8 safe — emoji, Chinese, Arabic, Devanagari, and accented characters round-trip correctly. Each non-ASCII codepoint becomes one or more %XX sequences representing its UTF-8 bytes.
+−Is + the same as a space in URL encoding?
Only inside the query string of an application/x-www-form-urlencoded body, where + represents a space. In the path or fragment, + is a literal plus sign. Browsers, encodeURIComponent, and this tool follow the strict RFC 3986 form: spaces are %20, never +.
+−Is my data sent to a server?
No. Encoding and decoding happen entirely in your browser using native JavaScript APIs. Safe to use with API keys, tokens, customer data, or any other sensitive content.