Encoder / Decoder

Base64 and URL encoding/decoding tool.

Input String:

Output String:

How This Tool Works

Operation: The Encoder / Decoder tool supports multiple encoding schemes commonly used in web development and data processing. Each transformation uses native JavaScript methods or minimal self-contained logic:

Base64 Encode: btoa(unescape(encodeURIComponent(utf8String))) — Converts binary-safe strings to Base64 ASCII representation.
Base64 Decode: decodeURIComponent(escape(atob(base64String))) — Reverses Base64 back to UTF-8.
URL Encode: encodeURIComponent() — Encodes special characters in URL query parameters.
URL Decode: decodeURIComponent() — Reverses URL encoding to plain text.
HTML Entities Encode: Replaces <, >, &, ", ' with their HTML entity equivalents.
HTML Entities Decode: Creates a temporary </code>, sets <code>innerHTML</code>, and reads back the decoded <code>value</code> — leveraging the browser's native HTML parser.</li> <li><strong>Hex Encode/Decode:</strong> Iterates character codes, converting to/from hexadecimal representation using <code>toString(16)</code> and <code>parseInt(hex, 16)</code>.</li> </ul> <p>All transformations are synchronous and happen as instant, client-side operations.</p> <h2>Key Benefits of Using the Encoder / Decoder</h2> <ul> <li><strong>Privacy-critical data handling:</strong> Paste API keys, JWTs, authentication tokens, or other sensitive encoded data without risk. All encoding and decoding operations are performed locally — your secrets never leave the browser sandbox.</li> <li><strong>Seven formats in one place:</strong> Base64, URL, HTML entities, and Hex — encode and decode all from a single interface. No need to navigate between different tools for different encoding formats.</li> <li><strong>Real-time bidirectional conversion:</strong> As you type or paste in one field, the converted output updates instantly in the sibling field. Switch between encoding and decoding directions with a single click.</li> </ul> <h2>Practical Real-World Use Cases</h2> <ul> <li><strong>Developers debugging API tokens:</strong> A frontend developer inspecting a JWT token inside a browser's local storage can quickly Base64-decode the payload portion (the middle segment) to verify the token claims without exposing the secret key material.</li> <li><strong>Security researchers analysing payloads:</strong> A security engineer examining a potentially malicious URL parameter that is double-URL-encoded can iteratively decode it using the URL decoder until the plain-text payload is revealed.</li> <li><strong>Web developers sanitising user input:</strong> A developer receiving HTML-encoded user submissions can decode the entities before processing, or encode outgoing text to prevent XSS injection — with instant feedback on each transformation.</li> </ul> <h2>Frequently Asked Questions (FAQ)</h2> <h3>Is Base64 encryption?</h3> <p>No — Base64 is an encoding scheme, not encryption. It converts binary data to text for safe transmission over text-based protocols (email, JSON). Anyone can decode Base64 without a key. Never use Base64 to protect sensitive data.</p> <h3>What is the difference between URL encoding and HTML encoding?</h3> <p>URL encoding replaces characters unsafe in URLs (spaces become %20). HTML encoding replaces characters unsafe in HTML (less-than becomes <). They serve different contexts and have different character maps.</p> <h3>Does this tool handle emojis and UTF-8 characters?</h3> <p>Yes. The Base64 encode step uses <code>encodeURIComponent/unescape</code> to properly handle multi-byte UTF-8 characters including emojis, Chinese, Japanese, and Hindi script before applying standard Base64.</p> </div> </section> </main> <script src="utils.js"></script> <script src="media.js"></script> <script src="devtools.js"></script> <script src="app.js"></script> </body> </html>