🍋
peasy / safe
Menu
Alle Tools Anleitungen 33 Glossar 45 Dateiformate 131 Anwendungsfaelle 302 API

Categories

P pdf I image D document T text D developer C css D design V video A audio Q qr S seo S security S social M math G generator
🍋 peasytools.com
Best Practice Beginner 1 min read 173 words

URL Encoding Best Practices for Web Developers

Proper URL encoding prevents broken links and security vulnerabilities. Learn which characters must be encoded and how to handle international URLs.

Key Takeaways

  • URLs can only contain ASCII characters.
  • Spaces become `%20` (or `+` in query strings).
  • Different URL parts have different encoding rules:
  • Domain names with non-ASCII characters use Punycode encoding.
  • A common bug is encoding already-encoded values, turning `%20` into `%2520`.
Featured Tool

Hash Generator

Generate SHA-1, SHA-256, SHA-384, SHA-512 hashes from text

Try it Free

Why URL Encoding Matters

URLs can only contain ASCII characters. Special characters, spaces, and non-ASCII characters must be percent-encoded (%XX format) to be safely transmitted. Incorrect encoding causes broken links, XSS vulnerabilities, and data loss.

Characters That Must Be Encoded

Spaces become %20 (or + in query strings). Forward slashes in values must be encoded as %2F. Ampersands in values need %26 to avoid being interpreted as parameter separators.

Component-Specific Encoding

Different URL parts have different encoding rules:

  • Path: Encode spaces and special chars, preserve /.
  • Query string: Encode spaces as +, preserve & and = as separators.
  • Fragment: Encode most special characters.

International Domain Names (IDN)

Domain names with non-ASCII characters use Punycode encoding. For example, münchen.de becomes xn--mnchen-3ya.de. Modern browsers display the Unicode version while transmitting the Punycode version.

Double Encoding

A common bug is encoding already-encoded values, turning %20 into %2520. This happens when a URL passes through multiple encoding layers. Always check if data is already encoded before encoding it again.

Verwandte Tools

H Hash Generator P Password Generator U Unix Timestamp Converter C Cron Expression Generator C Chmod Calculator S String Escape / Unescape I IP Subnet Calculator C Color Code Converter C CSV ↔ JSON Converter X XML ↔ JSON Converter S SQL Formatter M Markdown Table Generator H HTTP Status Code Reference M Meta Tags Generator R Robots.txt Generator . .gitignore Generator H HTML Formatter C CSS Unit Converter J JSONPath Evaluator T Text Diff Checker D Data URI Converter L Lorem Ipsum Generator P Path Converter . .htaccess Generator . .env Validator P Placeholder Image Generator

Verwandte Formate

.css .csv .html .json .md .txt .xml .yaml

Verwandte Anleitungen

JSON vs YAML vs TOML: Choosing a Configuration Format

Configuration files are the backbone of modern applications. JSON, YAML, and TOML each offer different trade-offs between readability, complexity, and tooling support that affect your development workflow.

How to Format and Validate JSON Data

Malformed JSON causes silent failures in APIs and configuration files. Learn how to format, validate, and debug JSON documents to prevent integration errors and improve readability.

Base64 Encoding: How It Works and When to Use It

Base64 converts binary data into ASCII text, making it safe for transmission through text-based systems. Learn when Base64 is the right choice and when alternatives like hex encoding or URL encoding are more appropriate.

Best Practices for Working with Unix Timestamps

Unix timestamps provide a language-agnostic way to represent points in time, but they come with pitfalls around time zones, precision, and the 2038 problem. This guide covers best practices for storing and converting timestamps.

Troubleshooting JWT Token Issues

JSON Web Tokens are widely used for authentication but can be frustrating to debug. This guide covers common JWT problems including expiration errors, signature mismatches, and payload decoding issues.