URL Encoding
(Some links on this page take you to details in the HTML Tag Reference. Bookmark this page in your Favorites so you can come back to it later.) See also JavaScript escape vs. encode for details on encodeURI
, escape
and encodeURIComponent
.
A number of characters are considered unsafe to use in a URL because they have special meanings in URLs for various reasons1.
Any attribute with a value that is a URL must be URL-encoded, including:
- <a href>
- <area href>
- <audio src>
- <base href>
- <blockquote cite>
- <button formaction>
- <command icon>
- <del cite>
- <embed src>
- <form action>
- <iframe src>
- <html manifest>
- <img src> and <img usemap>
- <input src> and <input formaction>
- <ins cite>
- <link href>
- <meta content> when the value contains a URI reference
- <q cite>
- <object data> and <object usemap>
- <script src>
- <source src>
- <video poster> and <video src>
In addition, when a <form> specifies method="GET"
, the user input returned in the query string will be URL-encoded.