EncodingAlso called: "percent encoding", "url escape"
URLs can only contain certain characters, so special characters must be encoded.
Why encoding is needed
- Spaces, slashes, and symbols have special meanings in URLs.
- Non-ASCII characters (é, ñ, 中) need encoding for compatibility.
- Prevents security issues from malformed URLs.
Common encodings
- Space: %20 or +
- Forward slash: %2F
- Question mark: %3F
- Ampersand: %26
- Hash: %23
Security implications
- Double encoding can bypass filters: %252F becomes %2F becomes /.
- URL encoding used in XSS, SQL injection, and path traversal attacks.
Related Articles
View all articlesHow to Identify Unknown Cipher Types in CTF Challenges
Learn systematic techniques for identifying unknown cipher types in CTF competitions. Master frequency analysis, Index of Coincidence, pattern recognition, and other methods to quickly categorize and break encoded messages.
Read article →HTML Encoder/Decoder
Encode and decode HTML entities for safe display in web pages with special character handling
Read article →URL Encoder/Decoder
Encode and decode URLs and query strings for safe transmission with special character handling
Read article →What is URL Encoding (Percent Encoding) and Why Is It Necessary?
Learn about URL encoding (percent encoding) - the essential web standard that makes special characters safe in URLs. Discover why spaces become %20 and how encoding prevents broken links.
Read article →