URL encoding is commonly used to avoid cross-site scripting (XSS) attacks by encoding special characters in a URL. It converts a string into a valid URL format that makes the transmitted data more reliable and secure.

In this article, you'll learn how to encode or decode a URL string and query string parameters in a Node.js application.

URL Encoding

Since Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine, you can use JavaScript methods such as encodeURI() and encodeURIComponent() to encode a URL.

encodeURI Method

The encodeURI() method is used to encode a complete URL. This method encodes special characters except ~!$&@#*()=:/,;?+ characters:

const url = 'http://example.com/!Learn Node$/ Example';

// Encode complete URL
const encodedUrl = encodeURI(url);

// Print encoded URL
console.log(encodedUrl);

// http://example.com/!Learn%20Node$/%20Example

encodeURIComponent() Method

To encode special characters in URI components, you should use the encodeURIComponent() method. This method is suitable for encoding URL components such as query string parameters and not the complete URL.

Here is an example:

const baseUrl = 'http://example.com/search?q=';
const query = 'SELECT * from users WHERE id = 1';

// Encode query string
const encodedQuery = encodeURIComponent(query);

// Build full URL
const url = baseUrl + encodedQuery;

// Print full URL
console.log(url);

// http://example.com/search?q=SELECT%20*%20from%20users%20WHERE%20id%20%3D%201

querystring Module

You could also use the Node.js built-in querystring module to encode a URL. This module provides utility methods for parsing and formatting URL query strings:

const querystring = require('querystring');

const baseUrl = 'http://example.com/search?';
const query = 'SELECT * from users WHERE id = 1'

// Encode query string
const encodedQuery = querystring.stringify({ q: query });

// Build full URL
const url = baseUrl + encodedQuery;

// Print full URL
console.log(url);

// http://example.com/search?q=SELECT%20*%20from%20users%20WHERE%20id%20%3D%201

URL Decoding

URL decoding is the opposite of the encoding process. It converts the encoded URL strings and query parameters back to their normal formats.

JavaScript provides decodeURI() and decodeURIComponent() that can also be used in Node.js to perform URL decoding.

decodeURI Method

The decodeURI() method is used to decode a complete URL:

const encodedUrl = 'http://example.com/!Learn%20Node$/%20Example';

// Decode URL
const url = decodeURI(encodedUrl);

// Print URL
console.log(url);

// http://example.com/!Learn Node$/ Example

decodeURIComponent() Method

The decodeURIComponent() function is used to decode URL components:

const query = "Dankeschön für Ihre €100";

// perofrm encode/decode
const encodedStr = encodeURIComponent(query);
const decodedStr = decodeURIComponent(encodedStr);

// print values
console.log(`Encoded Query: ${encodedStr}`);
console.log(`Decoded Query: ${decodedStr}`);

// Output
// Encoded Query: Dankesch%C3%B6n%20f%C3%BCr%20Ihre%20%E2%82%AC100
// Decoded Query: Dankeschön für Ihre €100

✌️ Like this article? Follow me on Twitter and LinkedIn. You can also subscribe to RSS Feed.