About the Encoding Toolkit
The Encoding Toolkit handles bidirectional conversion across eight formats: Base64 (text + file mode), URL encoding, HTML entities, Hex, Binary, Unicode escape sequences, JWT decode (header + payload + signature breakdown, with expiration awareness), and ROT13. An auto-detect mode identifies the format of pasted input and decodes it automatically.
It is built for developers debugging an API response that came back Base64-encoded, security folk decoding a JWT to see what claims a token actually carries, integration engineers URL-encoding query strings before they hit a webhook, content devs converting accented characters to HTML entities, and CTF / forensics players walking through encoded payloads.
Every conversion runs locally in JavaScript. Pasted text, decoded JWT payloads, and uploaded files never leave your device. The page makes no network call after first load. This is non-negotiable for a JWT decoder — tokens routinely contain user IDs, email addresses, scopes, and other identifiers that should not appear in third-party logs.
Two important reminders: JWT decode is not verification — this tool reads the payload but cannot validate the signature without the secret key (use a proper crypto library for that). And Base64 / URL-encoding / hex are encodings, not encryption — they obscure but do not protect data. Never store passwords as Base64; never trust client-supplied JWTs without server-side signature verification. ROT13 is a Caesar-cipher toy — never use it for anything that needs to stay secret.
Batch Processing
Paste multiple strings (one per line) and encode / decode them all at once.
Batch Processing
Encode or decode multiple strings at once — one per line.
Encoding Chain
Apply multiple encodings in sequence. Build a pipeline to debug deeply-encoded strings.
Encoding Chain
Apply multiple encodings in sequence to debug deeply-encoded strings.
Understanding Text Encoding
Text encoding transforms data from one representation to another. Whether you're embedding images in HTML, passing parameters in URLs, or debugging API payloads, understanding encoding formats is essential for modern web development.
Base64 Encoding
Base64 converts binary data to a 64-character ASCII alphabet (A-Z, a-z, 0-9, +, /). It's widely used for embedding images in CSS (data: URIs), email attachments (MIME), and transmitting binary data through text-only channels. The URL-safe variant replaces + and / with - and _ to avoid conflicts in URLs.
URL Encoding (Percent-Encoding)
URL encoding replaces unsafe characters with %XX hex sequences. Spaces become %20 (or + in form data), and reserved characters like &, =, and ? are encoded to prevent ambiguity in query strings. Double encoding — encoding an already-encoded string — is a common bug that produces strings like %2520 instead of %20.
HTML Entities
HTML entities represent special characters that would otherwise be interpreted as markup. The five essential entities are <, >, &, ", and '. Extended entities like ’ (curly apostrophe) and — (em dash) handle typography and international characters.
Hex & Binary
Hexadecimal represents each byte as two characters (0-9, A-F), making it compact for displaying binary data. Binary representation uses 8 bits per character and is fundamental to understanding how computers store text. Both formats are essential for low-level debugging and protocol analysis.
Unicode Escape Sequences
Unicode escapes like \u0041 (the letter A) allow representing any Unicode character in ASCII-safe source code. JavaScript uses \uXXXX notation, while the U+XXXX format is the standard Unicode reference. These are essential when working with internationalized content or emoji in code.
Looking for related developer tools? Our JWT Decoder & Inspector provides a dedicated interface for inspecting JSON Web Token claims and expiry, and our Hash Generator handles MD5, SHA-1, SHA-256, and SHA-512 one-way hashing. Explore all Dev & Tech tools.
