Encoder / Decoder

Encode text to Base64, Base32, HTML entities, or a JSON string and decode any of them back to plain text. Pick a format, then edit either side and the other updates as you type. Base64 has a URL-safe toggle, Base32 supports RFC 4648 and Crockford, HTML entities have a minimal or all-non-ASCII mode, and JSON String escapes quotes, backslashes, and newlines. Everything runs in your browser.

Code

Encode or decode Base64, Base32, HTML entities, and JSON strings in either direction. Pick a format, then edit either side and the other updates automatically. Base64 turns bytes into A-Z, a-z, 0-9, + and /. Flip URL-safe for tokens and query strings.

URL-safe output (- and _ instead of + and /, no padding)

Plain text

Base64

What this tool does

Four text encodings in one place. Base64 turns bytes into A-Z, a-z, 0-9, + and / (about 33% larger), the format behind data URIs and HTTP Basic auth. Base32 uses A-Z and 2-7 (about 60% larger), the alphabet behind TOTP/2FA secret keys. HTML entities escape characters like & < > so a browser shows them instead of running them. JSON String escapes quotes, backslashes, and newlines so text drops cleanly into a JSON value. Pick a format with the buttons up top.

How to use it

Type or paste plain text on the left to encode it, or paste an encoded string on the right to decode it back. Both sides update as you type, in whichever format you've selected. Switching format re-encodes your text so you don't lose it.

Format options

Base64: flip URL-safe to swap + and / for - and _ and drop padding, so the value survives in a URL or filename. Base32: choose standard RFC 4648 (A-Z + 2-7 with = padding, as in 2FA secrets) or Crockford (no I, L, O, U, unpadded, decode-tolerant). HTML entities: Minimal escapes only the five reserved markup characters, while All non-ASCII also converts every accented letter, symbol, and emoji to an entity for pure-ASCII output. JSON String: escape mode turns raw text into a JSON string body, decode mode resolves the backslash sequences back to the original.

When you'd reach for it

Embedding small images in CSS as data URIs, encoding payloads for JSON APIs, reading values from HTTP headers or cookies, generating or checking TOTP/2FA Base32 secrets, displaying code samples without the browser running them, and decoding entity-laden HTML you scraped so you can read it as normal text.