URL Encoder / Decoder

Encode and decode URL components - full, partial, double, and form encoding. Parse query strings into key/value tables.

Input - text to encode

Encoding mode

Full (encodeURIComponent) Partial (encodeURI) Double-encode Form (+ for spaces)

Examples

XSS payload

URL with spaces

JSON with unicode

Output - URL encoded

Input - URL encoded text

Examples

Encoded XSS payload

Double-encoded %A

Output - decoded

Query String Parser

Query string

Parameter	Value

How it works

Full encoding (encodeURIComponent) - Encodes all characters except A–Z a–z 0–9 - _ . ! ~ * ' ( ). Use this for encoding a query parameter value or any single URL component.

Partial encoding (encodeURI) - Encodes all characters except the reserved URL characters (: / ? # [ ] @ ! $ & ' ( ) * + , ; =). Use this when encoding a full URL where you want to preserve the structure.

Double encoding - Applies encodeURIComponent twice. Useful for testing WAF bypass and injection detection in security assessments.

Form encoding - Like encodeURIComponent but replaces spaces with + instead of %20, matching HTML form submission format (application/x-www-form-urlencoded).

Decode - Automatically handles single and double encoding by iteratively decoding until no % sequences remain.

View source of this tool Report issue