URLs can only contain certain characters, so special characters must be encoded.
Why encoding is needed
- Spaces, slashes, and symbols have special meanings in URLs.
- Non-ASCII characters (é, ñ, 中) need encoding for compatibility.
- Prevents security issues from malformed URLs.
Common encodings
- Space: %20 or +
- Forward slash: %2F
- Question mark: %3F
- Ampersand: %26
- Hash: %23
Security implications
- Double encoding can bypass filters: %252F becomes %2F becomes /.
- URL encoding used in XSS, SQL injection, and path traversal attacks.
Related Articles
View all articlesHow to Identify Unknown Cipher Types in CTF Challenges
Learn systematic techniques for identifying unknown cipher types in CTF competitions. Master frequency analysis, Index of Coincidence, pattern recognition, and other methods to quickly categorize and break encoded messages.
Read article →What is URL Encoding (Percent Encoding) and Why Is It Necessary?
Learn about URL encoding (percent encoding) - the essential web standard that makes special characters safe in URLs. Discover why spaces become %20 and how encoding prevents broken links.
Read article →What is Base64 Encoding and How Does It Work?
Learn the technical details of Base64 encoding, how it converts binary data to ASCII text, and why it
Read article →URL Encoding Components: Full URL vs Query Parameters
Understand the critical difference between encoding full URLs versus individual components. Learn which URL parts to encode and which to leave alone to avoid breaking your links.
Read article →