A Complete Guide To URL Escape Characters

To sustain this free service, we receive affiliate commissions via some of our links. This doesn’t affect rankings. Our review process.

Spectacles on eye chartIn order to prevent the misinterpretation of special characters such as a space, bracket (< and >), or % in the URL (which stands for Uniform Resource Locator – it is the address you see in your browser’s address bar indicating the location of the website you are visiting), browsers parse certain special characters using URL escape characters.

This explains why when you click on a link such as: domain.com/page one.htm you see it parsed in the address bar as example.com/page%20one.htm. In this case the %20 is the escape character for the space.

Mass Find And Replace For Documents Or Web Pages

Chances are you’re looking up the code for a URL escape character because you’re a web designer, or at least building and designing your own web site. One of the biggest pains in web design can be the need to update a small piece of content on multiple pages.

In this case, if you’re needing to update a URL escape character, it will be a pain in the butt to have to open a dozen files individually and make the change. In comes FAR Find & Replace software. Why pay $100 for Homesite (the only other software that does reliable mass find and replace for HTML or CSS documents), when you can use opensource FAR for free?

It’s powerful and efficient, and compatible with Windows operating systems. It works with all documents, not just web page files. With it, you can change or update multiple web pages/files at once, including multiple instances of URL escape characters.

Whether it’s a link, a copyright notice, or simply a spelling mistake – you’ll be able to update hundreds of web pages or text documents at once, without having to edit edit each of them manually.

What You See Is What You Get (WYSIWYG) HTML Editor

If you’d like to take the hassle out of hand-coding your escape characters, checkout the free open source editor BlueGriffon HTML Editor. No technical knowledge required – what you see is what you get (WYSIWYG). In other words, if you’re familiar with using Word Processing software, you should have no problem using BlueGriffon to easily create web documents and web pages.

You can even create an entire website of your own from the bottom up – without any programming experience. We’re curious to hear how you like BlueGriffon, given that there are many other solutions available. Let us know in the comments, we want to post the best option here for our readers.

Common URL Escape Characters

Table of URL Escape Characters
Character Escape Character Character Escape Character
Space %20 # %23
$ %24 % %25
& %26 @ %40
` %60 / %2F
: %3A ; %3B
< %3C = %3D
> %3E ? %3F
[ %5B \ %5C
] %5D ^ %5E
{ %7B | %7C
} %7D ~ %7E
%22 %27
+ %2B , %2C


Good Coding Practice

It is good coding practice to avoid the need for URL escape characters. As a rule of thumb, avoid using the special characters above when formulating a URI string (filename), and I recommend using the hyphen (-) instead of the underscore (_) (as all search engines recognize the hyphen as a space separator, but the same is not true for the underscore.

And older browsers do not correctly interpret the underscore in CSS). If you must use the above characters make sure to escape them using the above escape characters so when the browser parses your code it will not misinterpret the link. It’s important to note that these URL escape characters differ from HTML escape characters.

Looking For HTML (XHTML) Escape Characters?

Visit our page on HTML Escape Characters for a list of valid HTML (and XHTML) escape characters.

Anything we missed in the list above?

About The Author:

Alex has been involved on the business side of the internet since the early 2000's. He holds both a Management Science degree from the University of California at San Diego as well as a Computer Science degree from NJIT.

We Rock Your Web had its roots back in 2004 as the tech blog for a web design and development company Alex founded that has grown and evolved into the parent company of We Rock Your Web.

While his foundation is rooted in web development, his expertise today lies in content and digital marketing, SEO, organic and paid search, analytics, and publishing. Alex is an avid tennis player, nature enthusiast, and hiker, and enjoys spending time with his wife, friends, and dogs.

Disclaimer: This website contains reviews, opinions and information regarding products and services manufactured or provided by third parties. We are not responsible in any way for such products and services, and nothing contained here should be construed as a guarantee of the functionality, utility, safety or reliability of any product or services reviewed or discussed. Please follow the directions provided by the manufacturer or service provider when using any product or service reviewed or discussed on this website.

Notify of
Oldest Most voted
Inline Feedbacks
View all comments

try this tool where you enter a character and it gives you the escape https://www.urlencoder.org/

How can I skip @ in url?

this might be fairly late… but the link you have to the elRTE editor leads to some sleazy site…

Hi Alex, thank you so much for putting this handy list together. I’m not a coder, hence, it helps so much when tweaking the permalink to match with headline.

You’re very welcome Margit, glad you found it useful!

Hi guys,

I need some help about blocking weird characters like:

?D=<<<<< <<<<<foo”bar’204>>>>> in my htaccess file.

Could you please give me a hand? Many thanks.

As code used becomes higher and higher in terms the type of language it is and what it controls, these annoying little mistakes will also start to become things of the past. Of course, high program languages have their own downsides. If compilers and modern interfaces make languages too high, the problems they create will also be much higher. Essentially, this means that small things like escape characters will have a very high chance of being synced and operating correctly when they are updated, but when things go wrong they will go wrong on a major scale. Even worse, the higher that programming languages become, the easier it will become to miss problems or not realize they have occurred until the results have already made problems of their own.

Therefore, we have a situation right now, in current coding times, where details need to take the forefront so that, as languages begin to coalesce and rise, all the details are taken care of and standards address all potential flaws elegantly and immediately. Ultimately, what will this mean? Well, I hope it means that you will only have to enter the URL escape characters right one time, and everything else will follow. Of course, this also means that if you enter it wrong once, everything will be wrong.

What will the future of coding look like? Will we be able to solve these errors more automatically in the future – at least with web scripting? Granted, the solution described here is relatively elegant and straightforward compared to the clumsier (but also, in certain situations, more useful) situations found in older or alternative types of coding. However, will the future bring a rosier hue to such coding misadventures? We can hope.

Actually, we can do a lot more than hope, we can look ahead and forecast and plan, too. Some things are obvious to predict. For example, conversion services, such as making sure PSD can convert to XHTML or CSS will eventually become a thing of the past because of natural market evolution. Of course, they may be replaced with other types of conversion, but the result will still be (hopefully) an upswing in accuracy and reduced inefficiencies in coding. Another easy future to predict is one where web standards have become far more accepted and universal. This should not only boost accuracy, but also make it a lot easier to fix mistakes when they are found!

In theory, we can also look forward to a greater amount of changeability. In other words, these simple changes will lead to fundamental greater changes in how code is used and, yes, reused. Authoring will become easier and easier until single authoring and device independence are not only realities but very common – common among the commercial sites and applications in demand today, not the small projects where single authoring has found its temporary niche. Eventually, the latest HTMLs and XMLs will resolve their differences as well, I suspect, though that’s quite a ways down the road.

Provided that a suitable rocket miniaturization technology is developed we might also soon expect personal jet-packs.

Essentially you’ve said nothing.

Proper coding is key to the successful creation of websites, especially as scripting languages continue to develop and become more complex. A good framework and foundation will keep any web developer savvy enough to perform well and avoid costly mistakes. Small business owners should also keep this principle in mind. Just because someone is a web developer does not mean they are a good one. Just because someone can offer the solutions that you need to solve your web site problems does not mean they can do it without errors. When looking for a web developer, make sure they come with references you can check up on to ensure they know what they are talking about. Portfolios of finished work or programs can hide a lot of errors beneath their surface.

Secure coding practices are vital to good site management. In addition to ensuring that all references to a code string match, practicing secure coding will help keep information safe. After making sure the data is error free and the code work is flowing smoothly, there is little else as important as making code secure there is no chance that someone can steal data from the site, either from the company or from the customers themselves. For example, coders should always be sure to validate inputs from all untrusted data sources. External data sources are a major cause of weaknesses in coding and should always be avoided whenever possible.

Another good rule is to create design sites and software from the ground up for security issues. For example, if there are many subsystems, don’t give one privilege level the ability to access all subsystems. Take the time and assign different privilege levels to the subsystems as well. This will help issues on the employee side. When in doubt, make sure the code denies access or authorization, no matter what. While this may be annoying to some employees, it is one of the best ways to prevent people from taking advantage of poor coding.

Also remember one of the great rules of coding at all times: keep it simple. Avoid replicating errors by ensuring the straightest line communication between different sources. This will not only keep your information far more free of errors, it will also help reduce the chances that an opening will be available to someone with malicious intent. Granted, web scripting can get complicated all on its own, and you probably have to deal with complex subsystems in even the most simple types of business software code, but the rule still applies, so try to follow it whenever possible.

If security is very important to your organization, deal with it by assigning multiple security defense strategies. Work in several methods of keeping data safe instead of just one, and create in-depth methods of checking code for errors if you find yourself getting sloppy. One layer of security may catch what a first layer could not and keep your system safe. Ideally, you should use threat modeling to analyze systems for potential outside threats, but this is not always possible. Just try to always connect with a manager or business owner and explain the situation so you can define security requirements together.

Hi, can anyone share what the escape character is for a hyphen in the URL. This is urgent.

The hyphen doesn’t need to be escaped. Use it as is (ie. example.com/this-page).

Hi, can any one share what is the Escape character for ‘(‘ and ‘)’ ??

The escape characters for left and right parenthesis are:

* ( is (
* ) is )

Those are the HTML Escape characters, the URL escape characters are:

( is %28

) is %29

Note: Javascript has a function “escape” which will convert normal text to URL escaped text, and “unescape” converts URL escaped text to normal text

What is the URL escape character for *?

Hi, thanks for your great page. I was trying to … I dunno… trying to make sense out of urls, but I didn’t know what to replace some of the characters with, namely, %3B. You helped a lot. 🙂

I guess I was trying to unobfuscate them? lol…. I found your page on google with the keywords search %3B replace html

Have a nice day!

Karen May Jones

Thanks so much this really helped me a lot. Thanks again a lot.

Escape | Escape Character Sequence | Character Sequence ———————–+———————– Space %20 | ; %3B & %26 | = %3D < %3C | ? %3F > %3E | @ %40 ” %22 | [ %5B # %23 | \ %5C $ %24 | ] %5D % %25 | ^ %5E ‘ %27 | ` %60 + %2B | { %7B , %2C | | %7C / %2F | } %7D : %3A | ~ %7E

Thanks for sharing those! We’ll add them right away.

I have to change the URL. What should I do?

This is a great list to get me started, thanks. But I know this can’t be all the URL escape characters. Is there any way you could post all of them? I’d be much obliged 🙂

Those are all the URL escape characters you should need. If there’s a specific one you’re looking for or you notice one that you’re missing, please comment and let us know – we’ll be happy to add it 🙂

Good Morning,

Wonder if someone has come across the following problem:

We call a legacy embedded browser component with a file location on the hard drive. (The file contains a post request that has been generated by our program)

The file is written to my documents.

D:\Users Documents\User1\My Documents\Req1.html

The browser doesnt like the spaces in the directory.

D:\Users Documents\Req1.html –> Fails

D:\Users%20Documents\Req1.html –> Works

So the spaces should eb escaped but the following fails:


I tested it with other directories as well (custom C:\aa\ and C:\a a\) and the same result. It keeps failing if the file name has more than 1 space. The embedded browser component takes a simple string argument.

I tried adding ‘ and ” around the input but that simply let the browser hangs.

Any ideas on what i can try next?



%60 is not to be confused with %27

Nice – a nice concise table of URL escape characters, just what I was looking for. Now is there any way to get the entire list?

Great article. Question is – do URL escape characters matter in Windows Explorer? In other words, can I name a folder “Folder Name”, or should I name it “Folder-Name”?

That’s a great question. The answer depends on whether the folders will ever be hosted online. In other words, if someone tries to access the folder or files via a web browser, the spaces will be interpreted as characters. In the Windows environment alone, however, there is no need to replace spaces with hyphens.

Use escape(String); This is helpful in JavaScript. For more help just reply here.

Finally a list of URL escape characters I can read and make sense of. Your website layout actually makes the list readable, as opposed to some others I found. Thank you!!


Our HTML (and XHTML) Escape Characters List is finally complete. Click the link in the article above to access the page.

Good stuff. Do you also have a list of common html escape characters handy?

I’m working on that – I’ll add it the next chance I get.

I want to add the + (plus) character to my URL. How can I do this?

Hi Juju,

You can either use the + character directly, or escape it with %2B. If you want to use the plus character in the host part of your domain name (ie. host+.com), I’m afraid you’ll be unable to do so.

Alex, what about %25? It is the percentage symbol itself. All other characters are transformed just fine but several sites break when the %25 is called.

Which part of the URL are you applying the %25 to? It should work in the path, but will not in the host (ie. host.com/path). Because the % character serves as the indicator for percent-encoded octets (ie. %22 is “), it can be escaped with %25.