Percent-encode URLs or decode encoded strings for web and security use
URL encoding (percent-encoding) replaces unsafe characters with a %followed by two hexadecimal digits representing the character's byte value. For example, a space becomes %20.
space → %20
/ → %2F
? → %3F
& → %26
# → %23
= → %3D
URL encoding is often used in web attacks such as bypassing WAF rules, path traversal (%2F..%2F), and injecting characters that would otherwise be filtered. Double-encoding (%2520) can bypass some decoders.
Characters that do not need encoding: A–Z, a–z, 0–9 and - _ . ~. All others are percent-encoded.
