We Rock Your Web in the Press!
Home > Tech > Web Development > A Complete Guide to URL Escape Characters

A Complete Guide to URL Escape Characters

Spectacles on eye chartIn order to prevent the misinterpretation of special characters such as a space, bracket (< and >), or % in the URL (which stands for Uniform Resource Locator – it is the address you see in your browser’s address bar indicating the location of the website you are visiting), browsers parse certain special characters using URL escape characters. This explains why when you click on a link such as: domain.com/page one.htm you see it parsed in the address bar as example.com/page%20one.htm. In this case the %20 is the escape character for the space.

Mass find and replace for documents or web pages

Chances are you’re looking up the code for a URL escape character because you’re a web designer, or at least building and designing your own web site. One of the biggest pains in web design can be the need to update a small piece of content on multiple pages. In this case, if you’re needing to update a URL escape character, it will be a pain in the butt to have to open a dozen files individually and make the change. In comes FAR Find & Replace software. Why pay $100 for Homesite (the only other software that does reliable mass find and replace for HTML or CSS documents), when you can use opensource FAR for free?

It’s powerful and efficient, and compatible with Windows operating systems. It works with all documents, not just web page files. With it, you can change or update multiple web pages/files at once, including multiple instances of URL escape characters. Whether it’s a link, a copyright notice, or simply a spelling mistake – you’ll be able to update hundreds of web pages or text documents at once, without having to edit edit each of them manually.

What You See is What You Get (WYSIWYG) HTML Editor

If you’d like to take the hassle out of hand-coding your escape characters, checkout the free open source elRTE web page (HTML) editor. No technical knowledge required – what you see is what you get. In other words, if you’re familiar with using Word Processing software, you should have no problem using elRTE to easily create web documents and web pages. You can even create an entire website of your own from the bottom up – without any programming experience. We’re curious to hear how you like elRTE, given that there are many other solutions available. Let us know in the comments, we want to post the best option here for our readers.

Common URL Escape Characters

Table of URL Escape Characters
Character Escape Character Character Escape Character
Space %20 # %23
$ %24 % %25
& %26 @ %40
` %60 / %2F
: %3A ; %3B
< %3C = %3D
> %3E ? %3F
[ %5B \ %5C
] %5D ^ %5E
{ %7B | %7C
} %7D ~ %7E
%22 %27
+ %2B , %2C

 

Good Coding Practice

It is good coding practice to avoid the need for URL escape characters. As a rule of thumb, avoid using the special characters above when formulating a URI string (filename), and I recommend using the hyphen (-) instead of the underscore (_) (as all search engines recognize the hyphen as a space separator, but the same is not true for the underscore; and older browsers do not correctly interpret the underscore in CSS). If you must use the above characters make sure to escape them using the above escape characters so when the browser parses your code it will not misinterpret the link. It’s important to note that these URL escape characters differ from HTML escape characters.

Looking for HTML (XHTML) Escape Characters?

Visit our page on HTML Escape Characters for a list of valid HTML (and XHTML) escape characters.


History


About Alex Schenker

Alex bring a series of in-depth articles on search marketing and content management systems as well as troubleshooting tips to We Rock Your Web's collection. He is an avid tennis player, nature enthusiast, and hiker, and enjoys spending time with his wife, friends, and dogs, Bella and Lily.
Previous:
Next:
  • Anonymous

    Great article. Question is – do URL escape characters matter in Windows Explorer? In other words, can I name a folder “Folder Name”, or should I name it “Folder-Name”?

    • We Rock Your Web

      That’s a great question. The answer depends on whether the folders will ever be hosted online. In other words, if someone tries to access the folder or files via a web browser, the spaces will be interpreted as characters. In the Windows environment alone, however, there is no need to replace spaces with hyphens.

  • Anonymous

    Thanks!

    • Alex

      Our HTML (and XHTML) Escape Characters List is finally complete. Click the link in the article above to access the page.

  • Anonymous

    Good Morning,

    Wonder if someone has come across the following problem:

    We call a legacy embedded browser component with a file location on the hard drive. (The file contains a post request that has been generated by our program)

    The file is written to my documents.

    D:\Users Documents\User1\My Documents\Req1.html

    The browser doesnt like the spaces in the directory.

    D:\Users Documents\Req1.html –> Fails

    D:\Users%20Documents\Req1.html –> Works

    So the spaces should eb escaped but the following fails:

    D:\Users%20Documents\User1\My%20Documents\Req1.html

    I tested it with other directories as well (custom C:\aa\ and C:\a a\) and the same result. It keeps failing if the file name has more than 1 space. The embedded browser component takes a simple string argument.

    I tried adding ‘ and ” around the input but that simply let the browser hangs.

    Any ideas on what i can try next?

    Thanks,

    Steven

  • Anonymous

    Escape | Escape Character Sequence | Character Sequence ———————–+———————– Space %20 | ; %3B & %26 | = %3D < %3C | ? %3F > %3E | @ %40 ” %22 | [ %5B # %23 | \ %5C $ %24 | ] %5D % %25 | ^ %5E ‘ %27 | ` %60 + %2B | { %7B , %2C | | %7C / %2F | } %7D : %3A | ~ %7E

    • We Rock Your Web

      Thanks for sharing those! We’ll add them right away.

  • Anonymous

    Hi, can any one share what is the Escape character for ‘(‘ and ‘)’ ??

    • Web Rocker

      The escape characters for left and right parenthesis are:

      * ( is (
      * ) is )

      • Isaac Gilmour

        Those are the HTML Escape characters, the URL escape characters are:

        ( is %28

        ) is %29

        Note: Javascript has a function “escape” which will convert normal text to URL escaped text, and “unescape” converts URL escaped text to normal text

  • Anonymous

    Hi, thanks for your great page. I was trying to … I dunno… trying to make sense out of urls, but I didn’t know what to replace some of the characters with, namely, %3B. You helped a lot. :)

    I guess I was trying to unobfuscate them? lol…. I found your page on google with the keywords search %3B replace html

    Have a nice day!

    Karen May Jones

  • Anonymous

    Good stuff. Do you also have a list of common html escape characters handy?

    • Alex

      I’m working on that – I’ll add it the next chance I get.

  • Anonymous

    Finally a list of URL escape characters I can read and make sense of. Your website layout actually makes the list readable, as opposed to some others I found. Thank you!!

  • Anonymous

    Thanks so much this really helped me a lot. Thanks again a lot.

  • ynca99

    Hi guys,

    I need some help about blocking weird characters like:

    ?D=<<<<< <<<<<foo”bar’204>>>>> in my htaccess file.

    Could you please give me a hand? Many thanks.

  • Anonymous

    As code used becomes higher and higher in terms the type of language it is and what it controls, these annoying little mistakes will also start to become things of the past. Of course, high program languages have their own downsides. If compilers and modern interfaces make languages too high, the problems they create will also be much higher. Essentially, this means that small things like escape characters will have a very high chance of being synced and operating correctly when they are updated, but when things go wrong they will go wrong on a major scale. Even worse, the higher that programming languages become, the easier it will become to miss problems or not realize they have occurred until the results have already made problems of their own.

    Therefore, we have a situation right now, in current coding times, where details need to take the forefront so that, as languages begin to coalesce and rise, all the details are taken care of and standards address all potential flaws elegantly and immediately. Ultimately, what will this mean? Well, I hope it means that you will only have to enter the URL escape characters right one time, and everything else will follow. Of course, this also means that if you enter it wrong once, everything will be wrong.

  • Anonymous

    Hi, can anyone share what the escape character is for a hyphen in the URL. This is urgent.

    • Web Rocker

      The hyphen doesn’t need to be escaped. Use it as is (ie. example.com/this-page).

  • Anonymous

    What will the future of coding look like? Will we be able to solve these errors more automatically in the future – at least with web scripting? Granted, the solution described here is relatively elegant and straightforward compared to the clumsier (but also, in certain situations, more useful) situations found in older or alternative types of coding. However, will the future bring a rosier hue to such coding misadventures? We can hope.

    Actually, we can do a lot more than hope, we can look ahead and forecast and plan, too. Some things are obvious to predict. For example, conversion services, such as making sure PSD can convert to XHTML or CSS will eventually become a thing of the past because of natural market evolution. Of course, they may be replaced with other types of conversion, but the result will still be (hopefully) an upswing in accuracy and reduced inefficiencies in coding. Another easy future to predict is one where web standards have become far more accepted and universal. This should not only boost accuracy, but also make it a lot easier to fix mistakes when they are found!

    In theory, we can also look forward to a greater amount of changeability. In other words, these simple changes will lead to fundamental greater changes in how code is used and, yes, reused. Authoring will become easier and easier until single authoring and device independence are not only realities but very common – common among the commercial sites and applications in demand today, not the small projects where single authoring has found its temporary niche. Eventually, the latest HTMLs and XMLs will resolve their differences as well, I suspect, though that’s quite a ways down the road.

    • a web rocker

      Provided that a suitable rocket miniaturization technology is developed we might also soon expect personal jet-packs.

      Essentially you’ve said nothing.

  • Anonymous

    %60 is not to be confused with %27

  • Anonymous

    Proper coding is key to the successful creation of websites, especially as scripting languages continue to develop and become more complex. A good framework and foundation will keep any web developer savvy enough to perform well and avoid costly mistakes. Small business owners should also keep this principle in mind. Just because someone is a web developer does not mean they are a good one. Just because someone can offer the solutions that you need to solve your web site problems does not mean they can do it without errors. When looking for a web developer, make sure they come with references you can check up on to ensure they know what they are talking about. Portfolios of finished work or programs can hide a lot of errors beneath their surface.

    Secure coding practices are vital to good site management. In addition to ensuring that all references to a code string match, practicing secure coding will help keep information safe. After making sure the data is error free and the code work is flowing smoothly, there is little else as important as making code secure there is no chance that someone can steal data from the site, either from the company or from the customers themselves. For example, coders should always be sure to validate inputs from all untrusted data sources. External data sources are a major cause of weaknesses in coding and should always be avoided whenever possible.

    Another good rule is to create design sites and software from the ground up for security issues. For example, if there are many subsystems, don’t give one privilege level the ability to access all subsystems. Take the time and assign different privilege levels to the subsystems as well. This will help issues on the employee side. When in doubt, make sure the code denies access or authorization, no matter what. While this may be annoying to some employees, it is one of the best ways to prevent people from taking advantage of poor coding.

    Also remember one of the great rules of coding at all times: keep it simple. Avoid replicating errors by ensuring the straightest line communication between different sources. This will not only keep your information far more free of errors, it will also help reduce the chances that an opening will be available to someone with malicious intent. Granted, web scripting can get complicated all on its own, and you probably have to deal with complex subsystems in even the most simple types of business software code, but the rule still applies, so try to follow it whenever possible.

    If security is very important to your organization, deal with it by assigning multiple security defense strategies. Work in several methods of keeping data safe instead of just one, and create in-depth methods of checking code for errors if you find yourself getting sloppy. One layer of security may catch what a first layer could not and keep your system safe. Ideally, you should use threat modeling to analyze systems for potential outside threats, but this is not always possible. Just try to always connect with a manager or business owner and explain the situation so you can define security requirements together.

  • Anonymous

    I have to change the URL. What should I do?

  • Anonymous

    This is a great list to get me started, thanks. But I know this can’t be all the URL escape characters. Is there any way you could post all of them? I’d be much obliged :)

    • We Rock Your Web

      Those are all the URL escape characters you should need. If there’s a specific one you’re looking for or you notice one that you’re missing, please comment and let us know – we’ll be happy to add it :)

  • Anonymous

    Nice – a nice concise table of URL escape characters, just what I was looking for. Now is there any way to get the entire list?

  • Anonymous

    Use escape(String); This is helpful in JavaScript. For more help just reply here.