URL Encoder
Paste text, get URL-safe percent-encoded output. Toggle component vs full-URL mode — picks the right encoder for query values vs whole URLs without you remembering the rules.
Why URL-encode?
- Building a query string by hand for a curl test against an API that takes search terms with spaces and ampersands.
- Wrapping a redirect target inside another URL's query parameter without it bleeding into the outer URL's structure.
- Encoding a JSON payload to embed in a GET request (rare but still happens with some tracking pixels and webhooks).
- Constructing a magic-link or password-reset URL where the email or token must survive percent-decoding cleanly.
- Producing the Authorization parameter for OAuth 1 signing, where every component must be percent-encoded per RFC 3986.
- Generating a Slack or Discord webhook URL that includes a user-supplied tag with non-ASCII characters.
How it works
Component mode runs your input through encodeURIComponent — encodes everything that isn't unreserved, including ?, #, &, =, /, and :. That's what you want for a value going into a query string slot. Full-URL mode uses encodeURI, which leaves URL-structural characters (:/?#&=) alone — for when you're encoding a whole URL that has been assembled with safe characters in the slots already. Both run client-side; nothing is logged.
Frequently asked questions
When should I use component vs full-URL?
Component for any value going inside a URL — query parameters, path segments, fragment identifiers. Full-URL only when you have a complete URL string with characters like spaces or accents in just the path/query bits, and you don't want : / ? # & = touched. The vast majority of real-world cases are component.
What characters are NOT encoded?
encodeURIComponent leaves alphanumerics plus -, _, ., ~, !, *, ', (, ) untouched (the RFC 3986 unreserved set plus a few punctuation marks). encodeURI additionally leaves :, /, ?, #, [, ], @, !, $, &, ', (, ), *, +, ,, ;, = alone — the structural URL syntax.
Does this handle UTF-8 / non-ASCII characters?
Yes. Multi-byte characters (emoji, accented letters, CJK) are UTF-8 encoded into bytes, then each byte is percent-encoded. So 日本語 becomes %E6%97%A5%E6%9C%AC%E8%AA%9E — a deterministic round-trip via the matching decoder.
Are spaces encoded as %20 or +?
%20. The + form is specific to the application/x-www-form-urlencoded content type (HTML form bodies). For URL paths and query strings, %20 is the correct general-purpose encoding.
Is my input logged?
No. Encoding runs as a JavaScript call on this page; nothing is sent over the network.
About this tool
Percent-encoding is how URLs survive any byte that isn't safe for transit through a URL parser. Each non-safe byte becomes %HH where HH is two hex digits. The 'safe' set is conservatively small (RFC 3986 unreserved characters), and the encoders draw a slightly broader line to keep URLs readable. The split between encodeURI and encodeURIComponent in JavaScript exactly mirrors the split between 'I have a whole URL with structural punctuation already in place' and 'this is a value that needs to slot into a URL.' Getting the right one matters: encoding & or = inside a query value is what stops a malicious value from breaking out of its slot and adding new parameters.