Uniform Resource Locator (URL) Encoder
Encode URL text for components, full links, form values, or paths with character maps and query checks before copying or sharing.{{ summaryTitle }}
Encode status
{{ mainOutput }}
| # | Input | Class | UTF-8 bytes | Encoded | Copy |
|---|---|---|---|---|---|
| {{ row.idx }} | {{ row.charDisplay }} | {{ row.classLabel }} | {{ row.utf8 }} | {{ row.encodedDisplay }} |
| Key | Decoded value | Copy |
|---|---|---|
| {{ row.key }} | {{ row.value }} | |
| No query parameters | ||
Introduction:
A URL is not just a line of text. It is a structured address where some characters identify the destination and other characters separate parts of the address. The same slash, question mark, ampersand, equals sign, or hash can be a delimiter in one position and ordinary data in another. URL encoding is the escape system that keeps those two roles from colliding.
Percent-encoding writes unsafe or ambiguous bytes as a percent sign followed by two hexadecimal digits. A space can become %20, a literal ampersand can become %26, and non-ASCII text is converted to UTF-8 bytes before each byte is escaped. That byte rule is why a single visible character such as é can turn into several percent escapes.
- URL component
- One address part, such as a query value, fragment value, or path segment, where delimiters may need to travel as data.
- Reserved character
- A character such as
/,?,#,&, or=that can change how a URL is parsed. - Unreserved character
- A letter, digit, hyphen, period, underscore, or tilde that can normally stay readable in a URI.
- Form-style value
- A query value convention where spaces may be written as
+instead of%20.
Context is the common source of mistakes. Encoding a whole URL should keep the scheme, host, path separators, query marker, and fragment marker visible. Encoding a single query value should usually escape the same delimiter characters so the value does not split into new parameters. Encoding a path can be different again because a slash may be either a separator between path segments or a literal slash inside one segment.
Unicode can add a second kind of surprise. Two strings can look the same while using different underlying code points, and normalization can change the bytes that later become percent escapes. Normalization is useful when equivalent text should compare consistently, but it is risky for signed links, exact identifiers, fixture data, and other byte-sensitive handoffs.
URL encoding is a representation step, not a security review. It does not remove tracking parameters, prove that a domain is safe, prevent redirects, or guarantee that every server will parse repeated keys and plus signs the same way.
How to Use This Tool:
Start by deciding where the text will be inserted. A value meant for one query parameter needs a different pass than a complete URL that already has its own structure.
- Paste the source text into
Text or URL. Turn onTrim outer whitespaceonly when leading and trailing spaces are accidental. - Choose
Encoding targetbefore reading the result. UseURL componentfor one query value, token, fragment value, or similar field. - Switch to
Full URLwhen the pasted text is already a complete address, toForm/query valuewhen the receiver expects plus signs for spaces, or toPath with slasheswhen slash characters should remain path separators.For a search value such ascoffee beans & tea, encode the value as a component before placing it afterq=. Whole-URL mode can leave&with parameter-separator meaning. - Leave
Unicode normalizationoff for signed URLs, test fixtures, and exact identifiers. ChooseNFCorNFKConly when you intentionally want equivalent Unicode text normalized before encoding. - Use
Advancedfor exact handoff rules.Strict RFC 3986 escapesalso escapes!,',(,), and*;Preserve existing %XX escapeskeeps valid existing escape triplets from being encoded again.Preserving escapes is helpful for already-encoded text such as%2F. Leave it off when the percent sign itself is literal data that must be escaped as%25. - Review
Encoded URL Textfor the value to copy andCharacter Mapfor the per-character reason each visible character was kept or escaped. - Use
Query Previewwhen the output parses as a URL with query parameters, and useQR Handoffonly for outputs short enough to scan reliably.
Interpreting Results:
The summary gives the selected target, input length, output length, percent-escape count, and space policy. Those numbers are useful for review, but they do not prove that the chosen target was correct. A high escape count can simply mean the input contains spaces, reserved characters, emoji, accented text, or strict-mode characters.
Encoded URL Text is the final text output. Character Map explains each source character, its class, its UTF-8 bytes, and the escaped value. Use that map when a slash, literal percent sign, plus sign, line break, tab, emoji, or accented character changes in a way that looks unexpected.
Query Preview parses URL-shaped output and shows the query keys and values that a typical URL parser sees. It is especially useful when a value contains &, =, a literal plus sign, or repeated parameter names. Treat the preview as a parsing check, not as a promise that every server-side framework will interpret the query identically.
Open URL is available only for outputs that parse as HTTP or HTTPS addresses. It is a convenience check for syntax, not a reputation or phishing check. The QR surface follows the same rule: it can hand off encoded text, but the destination still needs normal link review.
Technical Details:
URI syntax separates data characters from delimiter characters. Unreserved characters can normally stay visible because they do not define generic URL structure. Reserved characters are different: they can be valid text in a URL, but their meaning changes by component. Encoding or decoding a reserved character can change the parsed address.
Percent-encoding works on bytes. Text is prepared, optionally normalized, converted to UTF-8, and then bytes that cannot remain visible in the selected context are emitted as % plus two hexadecimal digits. Uppercase and lowercase hex digits represent the same byte, but uppercase escapes are the conventional normalized form.
Target Behavior
| Target | What it preserves | Typical use |
|---|---|---|
| URL component | Only characters safe inside one component remain readable. | One query value, fragment value, token, or path segment. |
| Full URL | Structural delimiters such as :, /, ?, &, =, and #. |
A complete address where existing URL syntax should stay intact. |
| Form/query value | Component-style escaping, with spaces represented as +. |
Form-encoded query values and systems that expect plus-space convention. |
| Path with slashes | Slash characters remain visible after component-style encoding. | Multi-segment path text such as docs/team notes/2026. |
Output Length
Each unescaped visible character contributes one output character. Each escaped byte contributes three characters. Form-style spaces are the exception because a space written as + occupies one character instead of three.
Here L is output length, K is the count of kept visible characters, E is the count of percent-escaped bytes, and F is the count of form-style spaces written as plus signs. A non-ASCII character may add more than one escaped byte because UTF-8 can use multiple bytes for one displayed character.
Review Rules
| Rule | Effect | Risk if misread |
|---|---|---|
Existing %XX escapes |
Preservation keeps valid triplets intact and normalizes their hex case. | Without preservation, %2F can become %252F. |
| Strict RFC 3986 set | Escapes !, ', (, ), and * after the main encoding pass. |
Some strict receivers or fixtures expect those characters escaped even when common browser encoders keep them. |
| Unicode normalization | NFC and NFKC can change the code point sequence before UTF-8 bytes are produced. | Signed URLs and exact identifiers can fail if bytes change before encoding. |
| Plus signs | Form-style output uses + for spaces, while literal plus signs are escaped as %2B. |
A receiver that does not apply form parsing may treat + as a literal plus sign. |
| Parsed queries | The preview decodes query keys and values from URL-shaped output. | Repeated keys, blank keys, and framework-specific query rules may still need destination testing. |
Worked Examples:
One query value with delimiters
Paste coffee beans & tea/latte?size=large and choose URL component. The encoded value becomes coffee%20beans%20%26%20tea%2Flatte%3Fsize%3Dlarge. The ampersand, slash, question mark, and equals sign are escaped because they are data inside one value.
Form value with a literal plus sign
Paste coffee beans + tea and choose Form/query value. Spaces become plus signs, while the literal plus sign becomes %2B, producing coffee+beans+%2B+tea. That distinction matters when the receiver treats plus as a space.
Path text that keeps separators
Paste docs/team notes/2026 and choose Path with slashes. The output is docs/team%20notes/2026. The spaces are escaped, but the slash separators continue to divide the path into segments.
Avoiding double encoding
Paste docs%2Fteam notes in component mode. With preservation off, the existing percent sign is escaped and the output becomes docs%252Fteam%20notes. With Preserve existing %XX escapes on, the existing slash escape stays as %2F and the output becomes docs%2Fteam%20notes.
FAQ:
Should I encode the whole URL or only a value?
Encode the whole URL only when the address already has the structure you want to preserve. Encode only the value when you are filling one query parameter, fragment value, token, or path segment.
Why did a slash become %2F?
Component mode treats the slash as data, so it escapes it. Choose Path with slashes when slashes should remain path separators.
Why did %2F become %252F?
The percent sign was encoded as literal data. Turn on Preserve existing %XX escapes when the original triplet is already intentional.
Are %2f and %2F different?
They represent the same byte. Uppercase hex is commonly used for normalization and easier review, but most URL parsers treat the two forms as equivalent.
Why is QR handoff unavailable?
The QR surface is limited to encoded text that is short enough for practical generation and scanning. Copy the encoded text directly when the output is too long.
Does URL encoding make a link safe to open?
No. Encoding changes character representation. It does not validate the destination, remove malicious intent, or prove that a redirect target is safe.
Glossary:
- Percent-encoding
- The URI escape format that writes a byte as
%followed by two hexadecimal digits. - Reserved character
- A character that may act as URL syntax, such as
/,?,#,&, or=. - Unreserved character
- A character that can normally stay visible in a URI: letters, digits, hyphen, period, underscore, and tilde.
- UTF-8
- The byte encoding commonly used before non-ASCII text is emitted as percent escapes.
- Unicode normalization
- A text process that can convert equivalent or compatibility characters into a consistent form before encoding.
- Query parameter
- A key-value item in the query string after a question mark, often separated from other parameters by ampersands.
References:
- RFC 3986: Uniform Resource Identifier (URI): Generic Syntax, IETF, January 2005.
- URL Standard, WHATWG.
- Unicode Standard Annex #15: Unicode Normalization Forms, Unicode Consortium.