XML URL Encode
Percent-encode XML so it's safe in a URL or query string. It runs entirely on your device — nothing is uploaded.
Example
Output
%3Ca%20b%3D%221%22%2F%3E
How it works
Standard percent-encoding makes characters like <, > and spaces URL-safe.
Good to know
XML URL Encode takes a chunk of XML and percent-encodes every character that has a special meaning in a URL, turning markup like <a b="1"/> into %3Ca%20b%3D%221%22%2F%3E. It is built for developers and API testers who need to drop raw XML into a query string, a redirect parameter, a form field, or a config value without the angle brackets, quotes, equals signs, and spaces breaking the link.
Reach for it whenever XML has to travel inside a URL: passing a SOAP or RSS snippet as a GET parameter, embedding markup in a webhook callback URL, encoding XML for an OAuth or signing step, or pasting a payload into a browser address bar for a quick test. Characters such as <, >, &, =, ", #, ?, and the space are exactly the ones that confuse URL parsers, so encoding them first keeps the request intact.
Reading the output is straightforward: each unsafe byte becomes a percent sign followed by two hexadecimal digits (for example %20 is a space and %3C is <), while letters, digits, and a few safe symbols pass through unchanged. To recover the original XML, run the encoded string through a matching URL-decode step, after which it should be byte-for-byte identical.
A practical caveat: URL-encoding is about transport safety, not XML well-formedness, so it does not validate or fix your markup, and the same encoded text can decode differently depending on whether + is treated as a space. If your XML contains accented or non-Latin characters, make sure it is UTF-8 before encoding so the percent-escapes round-trip correctly on the receiving end.
Frequently asked questions
Is my data uploaded anywhere?
No — everything runs in your browser. Your code never leaves your device, so it's safe for private work and runs offline once loaded.
Is this tool free?
Yes, completely free with no sign-up and no limits.
People also ask
What is the difference between XML URL encoding and XML escaping?
URL encoding makes XML safe to carry inside a URL by turning unsafe characters into percent-codes like %3C, while XML escaping replaces markup characters with entities like < and & so they are safe inside an XML document. They solve different problems and are not interchangeable.
How do I decode percent-encoded XML back to its original form?
Pass the encoded string through a URL-decode (percent-decode) step, which converts each %XX sequence back to its character. The result should match your original XML exactly, assuming it was encoded as UTF-8.
Does URL encoding change the meaning of my XML?
No. Encoding only changes how the characters are represented for transport; once decoded, the XML is identical. The element structure, attributes, and content are untouched.
Why does a space sometimes become %20 and sometimes a plus sign?
In the path and standard percent-encoding a space is %20, but in the application/x-www-form-urlencoded format used by query strings a space can be encoded as a plus sign. Both decode back to a space, but you must use the matching decoder to avoid errors.
Do I need to URL-encode XML before putting it in a query string?
Yes, if the XML contains characters like <, >, &, =, quotes, or spaces, which are reserved or unsafe in URLs. Without encoding, the URL parser may truncate or misread the value.
Will this tool validate that my XML is well-formed?
No. It only handles URL safety and does not check whether your XML is valid or well-formed. Use a dedicated XML validator or parser for that.
Is it safe to URL-encode XML that contains non-English characters?
Yes, as long as the input is UTF-8. Each non-ASCII character is encoded as one or more percent-escaped bytes that decode back to the original text on the other side.
Related tools