AI URL Encoding in JavaScript — encodeURI vs encodeURIComponent Explained

Published February 23, 2026 · 9 min read · Developer Tools

You are building a search feature and a user types C++ tutorials & guides into the search box. Your code constructs a URL like /search?q=C++ tutorials & guides and passes it to fetch(). The API returns zero results. The + signs got interpreted as spaces, the & split your query into two parameters, and the server received q=C and a mystery parameter called guides. Choosing the right JavaScript encoding function would have prevented this entirely.

If you have read our URL encoding fundamentals guide, you know how percent-encoding works at the protocol level. This article goes deeper into the JavaScript side — when to use which function, how the modern URL API simplifies everything, and the encoding pitfalls that catch experienced developers.

The Three JavaScript Encoding Functions

JavaScript provides three built-in functions for URL encoding, and using the wrong one is the single most common source of URL bugs in web applications.

encodeURIComponent — The One You Usually Want

encodeURIComponent() encodes everything except letters, digits, and the characters - _ . ! ~ * ' ( ). It is designed for encoding individual URI components — a query parameter value, a path segment, a fragment identifier:

const query = 'C++ tutorials & guides';
const url = `/search?q=${encodeURIComponent(query)}`;
// /search?q=C%2B%2B%20tutorials%20%26%20guides

This is the correct choice for query parameter values because it encodes &, =, +, /, and ? — all characters that have special meaning in URLs. If you remember only one rule: use encodeURIComponent for values, not full URLs.

encodeURI — For Complete URLs

encodeURI() encodes a full URI but preserves characters that are structurally meaningful in URLs: : / ? # [ ] @ ! $ & ' ( ) * + , ; =. Use it when you have a complete URL that might contain non-ASCII characters but whose structure is already correct:

const pageUrl = 'https://example.com/café/menü';
const encoded = encodeURI(pageUrl);
// https://example.com/caf%C3%A9/men%C3%BC

Notice that the slashes, colon, and protocol remain intact. If you had used encodeURIComponent here, the :// and / would be encoded too, producing an unusable string.

The Legacy escape() — Never Use It

The escape() function is deprecated and handles Unicode incorrectly. It encodes characters above U+00FF using a non-standard %uXXXX format that no server expects. If you see escape() in a codebase, replace it with encodeURIComponent().

Quick rule: Use encodeURIComponent() for parameter values. Use encodeURI() for full URLs with non-ASCII characters. Use the URL API (below) when building URLs from parts. Never use escape().

The Modern URL API

The URL and URLSearchParams APIs handle encoding automatically, eliminating the need to call encoding functions manually in most cases:

const url = new URL('https://api.example.com/search');
url.searchParams.set('q', 'C++ tutorials & guides');
url.searchParams.set('lang', 'en');
url.searchParams.set('page', '1');

console.log(url.toString());
// https://api.example.com/search?q=C%2B%2B+tutorials+%26+guides&lang=en&page=1

Notice that URLSearchParams uses + for spaces instead of %20. Both are valid in query strings (the application/x-www-form-urlencoded format uses +), but this difference occasionally causes issues with servers that only accept %20. If you hit that edge case:

const params = new URLSearchParams({ q: 'hello world' });
const fixed = params.toString().replace(/\+/g, '%20');
// q=hello%20world

Building URLs Safely with URL API

The URL constructor also handles path encoding. This is particularly useful when path segments come from user input or database values:

const base = 'https://api.example.com';
const category = 'electronics/phones & tablets';

// Wrong — breaks the URL structure
const bad = `${base}/category/${category}`;

// Right — encode the path segment
const url = new URL(`/category/${encodeURIComponent(category)}`, base);
// https://api.example.com/category/electronics%2Fphones%20%26%20tablets

The URL API validates the result, throwing a TypeError if the URL is malformed. This built-in validation catches bugs at construction time rather than at request time.

Common Encoding Pitfalls

Double Encoding

The most insidious encoding bug is double encoding — encoding a string that is already encoded. A %20 becomes %2520 (the % gets encoded to %25), and the server receives literal %20 instead of a space:

// Bug: encoding twice
const value = 'hello world';
const once = encodeURIComponent(value);  // hello%20world
const twice = encodeURIComponent(once);  // hello%2520world ← broken

This happens when encoding functions are called at multiple layers — once in your code, once in a library, and once in the HTTP client. Audit your encoding chain and encode exactly once, as close to the URL construction point as possible.

Encoding the Entire URL

A common mistake is wrapping an entire URL in encodeURIComponent():

// Wrong — destroys URL structure
const broken = encodeURIComponent('https://example.com/path?key=value');
// https%3A%2F%2Fexample.com%2Fpath%3Fkey%3Dvalue

// Right — encode only the dynamic parts
const safe = `https://example.com/path?key=${encodeURIComponent(userValue)}`;

Forgetting to Encode Path Segments

Developers often encode query parameters but forget that path segments can also contain special characters. A username like user/admin or a filename like report (final).pdf will break your URL if not encoded:

const filename = 'report (final).pdf';
const url = `/files/${encodeURIComponent(filename)}`;
// /files/report%20(final).pdf

Pro tip: When debugging URL encoding issues, use the browser DevTools Network tab. Click on a request and check the "Query String Parameters" section — Chrome automatically decodes the parameters so you can see what the server actually received. For quick encoding tests, use the AI URL Encoder to visualize the encoding in real time.

Encoding in Different Contexts

Fetch API and Axios

Modern HTTP clients like fetch() and Axios do not automatically encode URL parameters. You must encode them yourself or use URLSearchParams:

// fetch with URLSearchParams
const params = new URLSearchParams({
  q: 'machine learning',
  category: 'AI & ML',
  limit: '20'
});

const response = await fetch(`https://api.example.com/search?${params}`);

// Axios with params object (Axios encodes automatically)
const response = await axios.get('https://api.example.com/search', {
  params: { q: 'machine learning', category: 'AI & ML' }
});

Axios serializes the params object and handles encoding internally. If you pass a pre-encoded string as the URL, Axios will not double-encode it — but mixing manual encoding with Axios params can cause issues.

Form Submissions

HTML forms use application/x-www-form-urlencoded encoding by default, which is slightly different from standard percent-encoding. Spaces become + instead of %20, and the encoding rules differ for a few characters. The URLSearchParams API follows this format, making it the right choice for building form-like request bodies:

const body = new URLSearchParams({
  username: 'john doe',
  password: 'p@ss&word!'
});

fetch('/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: body.toString()
});

Encoding for Different Languages

International characters (Chinese, Arabic, emoji) are encoded as their UTF-8 byte sequences. A single emoji can expand to 12 characters of percent-encoded text:

encodeURIComponent('🚀')  // %F0%9F%9A%80
encodeURIComponent('日本語') // %E6%97%A5%E6%9C%AC%E8%AA%9E

This is correct behavior. Servers that support UTF-8 (which is nearly all modern servers) will decode these byte sequences back to the original characters. If your server returns garbled text, check that it is reading the request as UTF-8, not Latin-1 or another encoding.

Encode and decode URLs instantly

Paste any URL or text, see the encoded result in real time, and switch between encodeURI and encodeURIComponent modes.

Try AI URL Encoder →

Testing and Debugging URL Encoding

When URL encoding goes wrong, the symptoms are often misleading — 404 errors, empty search results, or garbled text that looks like a different bug entirely. Here is a systematic debugging approach:

Log the full URL before sending the request — console.log(url.toString())
Check the Network tab in DevTools for the actual request URL
Compare the "Request URL" with the decoded "Query String Parameters"
Look for %25 in the URL — this is the telltale sign of double encoding
Test with the AI URL Encoder to verify expected output

For automated testing, write unit tests that verify encoding for edge cases: strings with &, =, +, spaces, Unicode characters, and already-encoded strings. These tests catch encoding regressions before they reach production.

Wrapping Up

URL encoding in JavaScript comes down to three rules: use encodeURIComponent() for individual values, use the URL/URLSearchParams API for building complete URLs, and encode exactly once. The modern URL API handles most encoding automatically and validates your URLs at construction time, making it the safest approach for new code.

Explore more developer tools for working with URLs and data:

URL Encoding Fundamentals for the protocol-level explanation
Base64 Encoding Guide for encoding binary data in URLs
HTTP Status Codes Reference for debugging API responses
AI Regex Builder for validating URL patterns

The AI URL Encoder lets you paste any text, see the encoded output instantly, toggle between encoding modes, and decode percent-encoded strings back to readable text — all in your browser with zero setup.