Developer Playground
URL Encode/Decode
URL encoding means replacing certain characters in a URL with a percent sign (%) followed by two hexadecimal digits.
What is URL Encoding?
URL encoding, also known as Percent-encoding, is a mechanism for encoding information in a Uniform Resource Identifier (URI). Since URLs can only be sent over the Internet using the ASCII character-set, any characters outside this set must be converted into a valid ASCII format.
Reserved vs. Unreserved Characters
Characters in a URL are divided into two categories:
- Unreserved: Characters that have no special meaning and can be used directly (A-Z, a-z, 0-9,
-,.,_,~). - Reserved: Characters that have special structural meanings (
:,/,?,#,[,],@,!,$,&,',(,),*,+,,,;,=). These must be encoded if used as data.
encodeURI() vs. encodeURIComponent()
In web development, choosing the right encoding method is critical:
- encodeURI(): Used for encoding a full URL. It ignores structural characters like
http://,/, and?. - encodeURIComponent(): Used for encoding a single component of a URL (like a query parameter). It encodes almost all non-ASCII and reserved characters, ensuring data doesn't break the URL structure.
Common Encoding Examples
| Character | Encoded Value | Reason |
|---|---|---|
| Space | %20 or + | Not allowed in raw URLs |
| & | %26 | Used as parameter separator |
| = | %3D | Used for key-value assignment |
Security and Performance
Improper URL encoding can lead to serious security vulnerabilities such as Open Redirects or Parameter Pollution. Always encode user-provided data before appending it to a URL string. Additionally, modern browsers handle some encoding automatically, but server-side processing still relies on standardized percent-encoding for data integrity.