URL Encoder and Decoder | Exact Percent Encoding and Plus Rules

EncodingRuns in Your Browser (No Uploads)

Encode or decode one exact URL value with explicit RFC 3986 component, full URL, and form-value rules. Inspect UTF-8 bytes, percent escapes, literal plus signs, malformed escapes, and possible double encoding before copying or downloading the result.

What to do next

Continue with a related workflow or open the next tool that usually follows this task.

How to Use This Tool

Keep an untouched copy of the original value, then choose Encode or Decode.

Choose RFC 3986 Component, Full URL, or Form value according to the receiving system.

Enter the exact text without trimming spaces or changing existing percent escapes.

Run one conversion and review UTF-8 byte, %HH escape, and plus-sign counts.

Read warnings for existing escapes, nested URLs, literal plus signs, or another possible encoding layer.

Copy or download the result, then test it in the actual application and compare the received value with the original.

When to Use This Tool

Nested Redirect and Callback Values

Encode one redirect_uri, next, returnUrl, state, or callback value without turning its internal ampersands into outer parameters.

API and Query Component Transport

Prepare a search term, filter, path segment, or API parameter that contains spaces, Unicode, slashes, plus signs, or reserved punctuation.

Readable Full URL Encoding

Encode a readable complete URL while keeping its scheme, host, path separators, query boundaries, fragment, and IPv6 host brackets visible.

Form Submission Debugging

Reproduce how HTML form and URLSearchParams-style values distinguish spaces from literal plus signs.

Double-Encoding Diagnosis

Decode a suspicious value once, inspect remaining %25-derived escapes, and isolate the exact layer that a proxy, SDK, or application encoded twice.

Common Mistakes

Encoding a complete URL as a component

Component mode intentionally encodes slashes, question marks, ampersands, and equals signs. Use it for one value or for a complete URL nested inside another parameter, not for a URL whose structure must stay active.

Treating every plus sign as a space

A literal plus is data in RFC 3986 component mode but represents a space in form encoding. Choose Form value only when the receiving system uses application/x-www-form-urlencoded rules.

Encoding an already encoded value

Encoding an existing %20 turns its percent sign into %25. Review the existing-escape warning and confirm that a second transport layer is really required.

Repeatedly decoding the whole URL

Decode one identified value once, compare it with the source, and stop unless a remaining %HH layer is proven. Repeatedly decoding a whole URL can turn protected delimiters into active syntax.

Mistaking encoding for protection

Percent encoding changes representation only. Tokens, email addresses, callback state, and passwords remain readable to logs, browsers, and anyone who receives the link.

Examples

Encode one nested redirect value

RFC 3986 Component encodes a complete redirect target when that entire URL must become one outer query value.

Input
https://client.example.com/a b?x=1&y=2
Output
https%3A%2F%2Fclient.example.com%2Fa%20b%3Fx%3D1%26y%3D2

Decode a form-encoded search value

Form value decoding converts form plus signs to spaces while preserving encoded literal plus signs as plus signs.

Input
C%2B%2B+URL+%EC%84%9C%EC%9A%B8
Output
C++ URL 서울

Percent-Encoding Profiles and Exact Decode Boundaries

RFC 3986 Component leaves only letters, digits, hyphen, period, underscore, and tilde unescaped. Reserved delimiters such as :, /, ?, #, &, =, and + become uppercase %HH sequences based on UTF-8 bytes.

Full URL mode follows whole-URI behavior: it keeps structural delimiters and IPv6 brackets readable while encoding spaces and non-ASCII text. During decoding, escapes that protect reserved delimiters can remain encoded so URL boundaries do not change.

Form value follows application/x-www-form-urlencoded rules. Spaces serialize as +, a literal + serializes as %2B, and decoding reverses those choices. It is a profile for one form value, not a license to replace plus signs globally.

Every percent sign in decode input must have two hexadecimal digits. Valid %HH triplets must also form valid UTF-8; malformed syntax and invalid byte sequences have separate errors and are never repaired silently.

Input is limited to 1,048,576 Unicode characters and 1,048,576 UTF-8 bytes. The transformer preserves surrounding whitespace, performs exactly one requested pass, and reports actual UTF-8 bytes rather than JavaScript UTF-16 length.

Frequently Asked Questions

When should I choose Component instead of Full URL?

Use RFC 3986 Component for one query value, path segment, opaque identifier, or a whole URL transported as one nested value. Use Full URL when scheme, slashes, query separators, and fragment syntax must remain readable and active.

Does a plus sign mean a plus or a space?

Only Form value mode treats a raw plus as a space. Component and Full URL decoding preserve a literal plus. An encoded %2B becomes a plus in all relevant decode profiles.

How does the tool handle double encoding?

A result such as %2F after one decode may indicate another layer, but it may also be intentional data. The tool warns and stops after one pass so you can identify the exact nested value before decoding again.

Will invalid percent encoding be repaired automatically?

No. A malformed % sequence and a well-formed sequence whose bytes are invalid UTF-8 are reported separately. The tool does not silently replace, skip, or repair either form.

Does percent encoding protect confidential values?

No. Percent encoding is a transport representation, not encryption, authentication, or access control. Remove secrets from URLs and use HTTPS plus application-level security.

Is my entered URL uploaded?

Normal conversion, preview, copy, and text-file download run locally in the browser. Operational analytics may record the selected profile and aggregate byte counts, but the implementation does not include the entered value in those events.

How This Tool Was Verified

Maintained and tested by Reviewed

Method: This check paired the exact “Encode a nested search URL as one value” input with URL Encoder and Decoder. We followed “Keep the raw source value”, captured the result after “Choose the receiving convention”, and compared it with the example while treating “Including the outer key in the encoded value” and “Treating raw plus as space without checking” as explicit boundary questions.

Expected result: Only the nested search URL was encoded, yielding the documented %3A, %2F, %3F, %20, and %26 sequences while leaving the outer parameter structure available to its receiver.

Sources and standards

Open the tested workflow

Related workflow guides

Use these focused guides when you need a practical workflow before opening the tool.

Workflow guide

Decode a Base64 API payload without corrupting bytes

Use this repeatable workflow for encoded JSON fields, webhook metadata, headers, cookies, and logs. It validates the alphabet and padding before decoding, preserves binary bytes for download, and keeps Base64 separate from encryption or signature verification.

Workflow guide

Debug encoded query parameters without double-decoding them

Use this workflow when a callback, search link, webhook, or API request changes plus signs, repeated keys, JSON string escapes, or a nested return URL after more than one parser touches it.

Workflow guide

Fix broken URL query parameters

Use this workflow when a query string is present but the receiving app reads the wrong value, loses a parameter, or treats encoded text as literal data. The goal is to identify the broken layer before rebuilding the link, not to repeatedly encode the entire URL until it appears to work.

Workflow guide

Decode a JWT safely before debugging authentication

Use this workflow when a login, API request, or permission check fails and you need to inspect token claims before changing auth code.

Workflow guide

Create a QR Code for a Link That Scans Reliably

Use this workflow when a website, form, menu, event page, or support link must move from paper, packaging, a PDF, or a presentation into a phone without relying on a tracking or redirect service.

Workflow guide

Encode one URL query value without breaking the outer link

Use this workflow when data inside one query parameter contains spaces, ampersands, equals signs, Unicode, a plus sign, or another complete URL.

Workflow guide

Diagnose and recover one double-encoded query value

Use this workflow when a callback, webhook, proxy, SDK, or copied link contains `%252F`, `%2520`, `%253A`, or another sign that a percent sign was encoded again.

Workflow guide

Debug a callback URL without losing query order or encoding evidence

Use this workflow when an OAuth, SSO, webhook, campaign, or application callback looks correct in a browser but the receiving system reads another path or parameter value.

Related Tools

Continue with another maintained workflow

Browse All Tools