String Functions
URL Decoder
Decode percent-encoded URLs and query strings back to plain text. Handles both `%20` and `+` for spaces.
About the URL decoder
This tool reverses percent-encoding: paste a URL, a query string, or any percent-encoded text, and it returns the original, human-readable value. Percent-encoding replaces characters that aren't safe inside a URL — spaces, &, =, non-ASCII letters — with a % followed by two hex digits, so a space becomes %20 and café becomes caf%C3%A9. This tool undoes exactly that: %3D becomes =, %26 becomes &, and multi-byte UTF-8 sequences like %C3%A9 reassemble back into é.
Under the hood it runs two steps, matching PHP's urldecode() rather than the stricter rawurldecode(). First it replaces every literal + with a space, then it passes the result to the browser's built-in decodeURIComponent, which resolves the remaining %XX sequences and decodes them as UTF-8. The order matters: a + in a query string almost always means a space, since that's how HTML forms encode one, but a literal plus sign has to survive as %2B or this tool will turn it into a space too. Everything runs in your browser — no input is sent to a server.
Reach for this when a query string, redirect URL, or webhook payload shows up percent-encoded in a browser address bar, a server log, or an API response, and you need to read the value inside it — a search term, an email address, a callback target. It doubles as a sanity check on your own encoding: round-trip a value through the URL Encoder and back and you should get the original text. If this tool throws instead, the input has a bare % not followed by two hex digits — usually a sign the text was never percent-encoded (a literal 50% off) or was assembled with unsafe string concatenation.
Examples
Input
name%3DJohn+Doe%26city%3DNew+York
Output
name=John Doe&city=New York%3D decodes to =, %26 decodes to &, and each + becomes a space.
Input
name=Jos%C3%A9&city=S%C3%A3o+Paulo
Output
name=José&city=São Paulo%C3%A9 and %C3%A3 are the two-byte UTF-8 encodings of é and ã — multi-byte sequences reassemble correctly.
function urldecode(input) {
return decodeURIComponent(input.replace(/\+/g, ' '));
}
urldecode('name%3DJohn+Doe%26city%3DNew+York');
// => "name=John Doe&city=New York"This is exactly what runs client-side when you click Submit. PHP's own urldecode() behaves the same way; rawurldecode() differs by leaving + alone.
Frequently asked questions
Why does a + in my input turn into a space?
This tool matches PHP's urldecode() convention, where + is shorthand for %20 coming from HTML form encoding (application/x-www-form-urlencoded), so both decode to a space. If your text has a literal plus sign that must survive, it needs to be percent-encoded as %2B before you paste it in.
What's the difference between URL decoding and Base64 decoding?
URL decoding reverses %XX escapes used to make text safe inside a URL or query string. Base64 decoding reverses a different encoding used to represent arbitrary binary data as ASCII text, such as in data URIs or JWT segments — it uses only letters, digits, +, /, and = padding, with no % characters, so use the Base 64 Decoder if that's what you're looking at.
Is this the same as JavaScript's decodeURIComponent()?
Almost — this tool runs decodeURIComponent() but first converts every + to a space, which plain decodeURIComponent() does not do. Both PHP's rawurldecode() and JavaScript's bare decodeURIComponent() leave + untouched, decoding only %XX sequences.
Why am I getting an error instead of a decoded result?
The input contains a % that isn't followed by two valid hexadecimal digits, which is invalid percent-encoding and can't be decoded. This usually means the text was never actually percent-encoded — a stray % in plain text, like 50% off — or it was corrupted by double-encoding or manual string editing.
Does this tool send my text to a server?
No. Decoding runs entirely in your browser using JavaScript's built-in decodeURIComponent; the text you paste is never transmitted, logged, or stored.