Input
Output
⚠️
Base64
A–Z a–z 0–9 + /The 64 characters used in standard Base64=Padding character — added to make length a multiple of 4- _URL-safe variant replaces + and / to avoid URL conflicts3 bytes → 4 charsEvery 3 input bytes become 4 Base64 characters (~33% size increase)Examples — click to load
Hello, World!Basic text → Base64{"user":"alice"}JSON payload (common in JWTs)SGVsbG8sIFdvcmxkIQ==Decode → "Hello, World!"URL Encoding
%XXPercent-encoded byte — XX is the hex value of the byteA–Z a–z 0–9 - _ . ~Unreserved characters — never encodedencodeURIComponentEncodes everything except unreserved chars — use for query param valuesencodeURILeaves reserved chars intact — use for full URLs+ vs %20Both represent a space — + is only valid in query strings (form encoding): / ? # [ ] @ ! $ & ' ( ) * + , ; =Reserved characters — encoded when used as data (not structure)Examples — click to load
hello world & moreSpaces and & encodedhttps://example.com/search?q=…Full URL as a query param valuecaf%C3%A9%20au%20laitDecode → "café au lait"HTML Entities
&& — must be escaped to avoid starting an entity<< — must be escaped to avoid opening a tag>> — should be escaped inside attribute values and CDATA"" — must be escaped inside double-quoted attributes'' — must be escaped inside single-quoted attributesExamples — click to load
<script>alert("XSS")</script>Escape for safe HTML outputPrice: £10 & taxAmpersand in text content<b>Hello & World</b>Decode entities back to charactersUnicode Escapes
\uXXXX4-hex-digit escape — covers the Basic Multilingual Plane (U+0000 to U+FFFF)\u{XXXXX}Variable-length ES6 escape — covers all Unicode code points including emojiASCII passthroughCharacters below U+0080 are left as-is — only non-ASCII gets escapedJSON stringsJSON uses \uXXXX to safely embed any character in a string literalExamples — click to load
café résuméAccented characters → \uXXXXHello 你好 мирMixed scripts\u0048\u0065\u006C\u006C\u006FDecode → "Hello"