URL Encoder & Decoder
Convert unsafe characters into percent-encoded strings or decode percent-encoded URLs back to plain text. Your URLs are processed entirely in your browser.
How ZeroData protects your privacy
- ✓ No Uploads: Processing happens entirely via client-side JavaScript.
- ✓ No Storage: We do not have a database. We physically cannot save your data.
- ✓ No Tracking: We don't log what you process or track your inputs.
- ✓ Verifiable: Check your DevTools Network tab. You will see 0 outbound requests.
What is Percent-Encoding (URL Encoding)?
URL encoding (officially known as percent-encoding) is a mechanism for safely transmitting data within a Uniform Resource Identifier (URI). Because URLs can only be sent over the internet using the ASCII character-set, any characters outside this set—or characters that have special syntactic meaning in a URL—must be converted into a valid, safe format.
During this process, unsafe characters are replaced by a % followed by two hexadecimal digits representing the character's ASCII value. For example, a space becomes %20, an ampersand (&) becomes %26, and a question mark (?) becomes %3F.
Without proper encoding, browsers and web servers cannot reliably distinguish between data payload and URL structure. For instance, if you try to pass an unencoded URL as a query parameter (e.g., ?target=https://example.com/login?user=1), the second ? and = will corrupt the parsing logic of the parent URL.
When Should I Use This Tool?
Encoding and decoding URLs is a daily task for backend developers, API engineers, and technical marketers. Here are the most common scenarios when manual encoding or decoding is required:
- OAuth & SSO Integrations: Passing a
redirect_urito an authentication provider requires strict percent-encoding of the target destination to ensure the callback resolves correctly. - API Payload Debugging: When inspecting server logs or network tabs, deeply nested JSON or query strings are often heavily encoded. Decoding them restores readability and helps pinpoint bugs.
- Email Tracking & Deep Linking: UTM parameters and mobile app deep links often contain complex characters (like
+or@) that must be safely encoded to survive email client click-tracking wrappers.
Quick Solution: JavaScript URL Encoding
When writing code, choosing the right native method is critical. Always use encodeURIComponent for query parameters.
For Parameter Values
encodeURIComponent('user@email.com') Encodes everything, including ?, =, /, and &. For Full URLs
encodeURI('https://site.com/my page') Leaves structural characters intact. Only encodes spaces/unsafe characters. Real-World Troubleshooting
The "Space" Problem: %20 vs +
One of the most confusing aspects of URL encoding is how spaces are handled. In a standard URI path, a space is always encoded as %20. However, when submitting HTML form data via a GET request (specifically the application/x-www-form-urlencoded content type), spaces are historically encoded as a plus sign (+). Modern APIs generally accept %20 everywhere, but legacy systems might parse a + as a space in the query string.
Double Encoding Issues
A common bug occurs when a string is encoded twice. For example, a space initially becomes %20, and then during a second pass, the % character itself is encoded into %25, resulting in %2520. If your API returns broken data containing %25, it indicates the backend or frontend is mistakenly applying encoding logic to an already-encoded string.
Common Use Cases
- Encoding OAuth redirect URIs and callback URLs for SSO integrations.
- Preparing dynamic user input for safe inclusion in REST API query strings.
- Decoding raw server logs or analytics payloads to inspect parameter values.
- Troubleshooting deep links and mobile app routing structures.
- Fixing broken URLs caused by spaces or special characters in filenames.
Frequently Asked Questions
What is URL encoding (percent-encoding)?
URL encoding, also known as percent-encoding, is a mechanism for safely transmitting data within a Uniform Resource Identifier (URI). Unsafe characters (like spaces, ampersands, or non-ASCII characters) are replaced with a '%' followed by two hexadecimal digits representing the character's ASCII value.
Why do spaces become %20 or + in a URL?
In a standard URI path, a space is encoded as %20. However, in the query string part of a URL (often used for form data submission), spaces were historically encoded as a plus sign (+). Both are valid depending on the context, but %20 is universally recognized across modern web standards.
What is the difference between encodeURI and encodeURIComponent in JavaScript?
encodeURI() is meant to encode a full URL and ignores reserved characters like ?, &, =, and /. encodeURIComponent() encodes a specific part of a URL (like a query parameter value) and encodes all reserved characters, ensuring they don't break the parent URL structure.
Are my decoded URLs stored anywhere?
No. This tool processes your URLs 100% locally in your browser using native JavaScript APIs. ZeroData Tools never sends your data to a server, meaning your sensitive API keys, auth tokens, or redirect URIs never leave your device.
How do I safely encode a redirect URI?
When passing a URL as a parameter to another URL (such as an OAuth redirect_uri), you must encode it completely using encodeURIComponent() or a standard percent-encoder. This ensures the slashes and question marks of the target URL aren't interpreted as part of the primary URL.
Why did my API call fail with a '400 Bad Request' on special characters?
If your URL contains unencoded special characters like '&' or '=', the server may misinterpret where your query string variables begin and end. Always URL-encode dynamic parameter values before appending them to a query string.
Can I decode a URL multiple times?
Yes, if a string was 'double-encoded' (e.g., a space became %20, and then the % was encoded to %25, resulting in %2520), you may need to run it through the decoder twice to retrieve the original plaintext.