Tutorials, deep-dives, and privacy-first thinking about developer tools.
Showing 1–7 of 7 posts
RFC 3986 names just 66 characters as unreserved — and most encoders mishandle the rest of printable ASCII. Here's what each one actually is, and why it matters.
A double-encoded URL is when a value runs through encodeURIComponent twice. Here's how to spot %2520 in seconds and fix the API bug it caused.
A 400 Bad Request usually traces to a URL decoding bug. Here's how to decode the query string, spot the broken character, and ship a fix in five minutes.
URL encode online without leaking auth tokens, S3 links, or password-reset codes. Here's where pasted URLs actually end up — and how to encode privately.
encodeURIComponent vs encodeURI trips up every JavaScript dev once — here's the actual rule, the characters each protects, and when to pick which in 2026.
Why URLs use + for spaces, when to use %20 instead, and how to encode a literal + as %2B. Covers the 30-year-old form-encoding quirk that still breaks emails with `+` in 2026.
URL encoding looks simple until your API drops a plus sign. Here's the real difference between component, URI, and form encoding — with code, fixes, and 2026 rules.