URL Decoder — Decode Percent-Encoded URLs Online
URL Decoder converts percent-encoded strings (e.g. %20, %26) back to their original characters. Paste a URL-encoded string and the decoded output appears immediately. SmartDevBox uses decodeURIComponent() for full component decoding.
Reading Percent-Encoded URLs
Log files, browser developer tools, and API error messages frequently contain percent-encoded URLs. A redirect URL that looks like https://example.com/callback?code=abc&state=eyJ0eXAiOiJKV1QifQ%3D%3D&redirect_uri=https%3A%2F%2Fapp.example.com%2Fauth becomes immediately readable once decoded: the state value is a Base64-encoded JSON string, and the redirect_uri is a clean URL.
decodeURIComponent() is the inverse of encodeURIComponent(). It converts each %XX sequence back to the original character, including %2F back to /, %3D back to =, and %20 back to a space. A different function, decodeURI(), only decodes non-structural sequences, leaving characters like %2F encoded so they do not accidentally split the URL path.
Double-Encoding Pitfalls
Double-encoding happens when a string that is already percent-encoded gets encoded again. A % character is itself encoded as %25, so %20 (a space) double-encoded becomes %2520. When decoded once you get %20, not a space. This is a frequent source of bugs in proxy servers, URL-rewriting middleware, and OAuth flows where the redirect_uri is passed through multiple encoding layers.
To diagnose a double-encoding issue, decode the string once and see whether the output still contains %XX sequences. If it does, the original string was double-encoded. Decode once more to get the final value. SmartDevBox shows the decoded output immediately, making it easy to spot whether further decoding passes are needed.
Common Use Cases
- Reading encoded query strings in browser developer tools
- Decoding redirect_uri values in OAuth flows
- Understanding encoded log entries from web servers
- Debugging URL construction in API integrations
Frequently Asked Questions
How do I decode a URL-encoded string?
Paste the percent-encoded string (e.g. hello%20world) into SmartDevBox. The URL Decoder converts it back to the original text (hello world) automatically on paste.
Privacy & Security
This tool runs entirely in your browser using client-side JavaScript. No data is sent to a server — your input never leaves your machine. SmartDevBox has no account system, no usage tracking, and no paid tier. See the Privacy & Security page for full details.
Related Tools
- URL EncoderPercent-encode any string for safe use in URLs instantly in your browser. Free, no sign-up, 100% client-side.
- URL ParserParse any URL into its protocol, host, path, query parameters, and hash fragment instantly. Free, no sign-up, 100% client-side.
- Base64 DecoderDecode any Base64 string back to plain text instantly in your browser. Free, no sign-up, 100% client-side. Supports standard and URL-safe Base64.
Related Recipes
- Extract URLs from logsPull every URL out of noisy logs, then parse the important ones into scheme, host, path, query parameters, and fragments.