Example
Input (encode mode)
hello yutils!
Output
hello%20yutils%21
Note
Spaces become `%20` and `!` is escaped for safety. Decode mode reverses the transformation exactly.
Usage / FAQ
When to use
- Embed multi-byte / special characters in URL query parameters (e.g. search terms)
- Safely include Korean category names in API endpoint paths
- Decode an opaque URL from another site to see where it points
- Analyze redirect chains — peek inside `?redirect=` parameters
- Check whether a long URL inside an email body is properly encoded
FAQ
- Q.encodeURI vs encodeURIComponent?
- A.encodeURI keeps reserved characters like `:`, `/`, `?`, `#` intact for full URLs. encodeURIComponent is for fragments like query values — it also encodes `:` and `/`. This tool uses component semantics.
- Q.Should space be `+` or `%20`?
- A.URL paths use `%20`; application/x-www-form-urlencoded bodies use `+`. This tool follows the path convention (`%20`) — form data needs an extra step.
- Q.What if I encode an already-encoded string?
- A.`%20` becomes `%2520` — double encoding. A common debugging pitfall — always check whether the input is already encoded first.
Fun facts
Percent-encoding (`%20` and friends) in URLs was formalized in 1994 by Tim Berners-Lee in RFC 1738, with RFC 3986 (2005) as the current standard. `%XX` is the hex value of a byte — and with multilingual URLs growing, UTF-8 + percent-encoding has become the de facto pairing.
RFC 3986 (2005)RFC 3986's 'unreserved' set — `A-Z a-z 0-9 - _ . ~` — is the small group of characters you can safely embed without encoding. Older RFC 1738 had a wider unreserved set (including `+ - $ . , !`), which was narrowed for compatibility.
RFC 3986 — Unreserved CharactersA classic space-encoding gotcha — inside URL paths it's `%20`, but inside `application/x-www-form-urlencoded` query strings it's `+`. `encodeURIComponent` only emits `%20`; form submissions get `+` treatment from the browser. Two rules in two places, going on 30 years.
WHATWG URL — Form encoding
Related tools
- Base64 Encode / Decode
Encode text to Base64 or decode Base64 back to text. Runs entirely in your browser, no data sent to any server.
- UUID / ULID Generator
Generate UUID v4 (random), UUID v7 (time-ordered, RFC 9562), or ULID identifiers — all client-side via crypto.
- JWT Decoder
Decode the header and payload of a JSON Web Token. Signature is not verified (a public key is required). The token is processed entirely in your browser.
- JWT Encoder (HMAC)
Generate a signed JSON Web Token with HS256/HS384/HS512 (HMAC-SHA). Payload and secret stay in your browser — Web Crypto API based.
- SHA Hash
Compute SHA-1, SHA-256, SHA-384, or SHA-512 hash of text. Uses the browser's Web Crypto API; no data is sent to any server.
- Hex Encode / Decode
Encode text to hexadecimal or decode hex back to text. Supports UTF-8 multi-byte characters and tolerates whitespace.
- HTML Entity Encode / Decode
Encode HTML special characters (&, <, >, ", ') to entities, or decode named/numeric entities back to text.
- Password Generator
Generate cryptographically strong passwords, tokens, random strings, and passphrases with entropy display.
- Number Base Converter
Convert numbers between bases (binary/octal/decimal/hex/base36) using BigInt for large integers. Auto-detects 0b/0o/0x prefixes.
- URL Parser
Decompose a URL into protocol, host, path, query parameters, and hash — read-only inspection.
- HMAC Generator
Compute HMAC (Hash-based Message Authentication Code) with SHA-1/256/384/512 using the Web Crypto API.
- HMAC Verify
Verify whether a given HMAC signature matches the message + secret. Constant-time comparison via Web Crypto API.
- MD5 Hash
Compute MD5 hash for text. Note: MD5 is broken for security — checksums and legacy compatibility only.
- Punycode (IDN)
Convert international domain names to/from Punycode (xn-- encoded ASCII). Uses native URL parser.
- HTTP Status Codes
Browse and search HTTP status codes (1xx-5xx) with descriptions and common usage.
- User-Agent Parser
Parse User-Agent strings into browser, OS, device, and engine fields.
- Bcrypt Hash
Hash passwords with Bcrypt or verify a plaintext against an existing hash. Configurable salt rounds.
- Cookie Parser
Parse Cookie or Set-Cookie strings into a table. Decode percent-encoded values. Supports Set-Cookie attributes (Path/Domain/Max-Age/SameSite/HttpOnly/Secure).
- IP / CIDR Calculator
Compute network address, broadcast, host range, mask, and host count from an IPv4 + CIDR.
- cURL Builder
Build cURL commands from URL/method/headers/body. Auto-detects JSON content-type.