Pillar Guide
エンコードとデコードのワークフローガイド
Understand when to use Base64, URL encoding, HTML entities, or Unicode escapes, and what each one protects against.
Encoding is not one job. It is a set of context-specific transformations used to make content safe for transport, embedding, display, or storage. Confusing those contexts is one of the fastest ways to produce broken URLs, unreadable text, or escaped content that leaks into the UI.
Pick the right encoding for the boundary
Use URL encoding when the content becomes part of a query string or path segment. Use HTML entities when user-visible text will be inserted into markup and you need characters like angle brackets to render safely. Use Unicode escapes when a string must travel through a source-code or serialized representation. Use Base64 when a binary or plain-text payload needs a text-safe wrapper.
The most common failure modes
Double encoding is the classic bug: a value already escaped for a URL gets escaped again, and the downstream service receives garbage. Another common mistake is treating Base64 as encryption. It is reversible encoding, so it should never be used to hide secrets. Teams also forget that Base64 grows payload size by roughly one third, which matters for large inline assets.
- Encode at the boundary closest to output, not at the earliest moment possible.
- Keep one raw source string for debugging so you can see where corruption started.
- Treat any encoded secret as exposed unless it is separately encrypted.
A browser-friendly debugging routine
Decode the sample back into a human-readable form before you trust it. Compare encoded and decoded values side by side. If the text will later be embedded into HTML or pasted into a URL, test the exact destination context instead of assuming that successful decoding means the string is safe everywhere.
関連ガイド
ガイドとワークフロー
関連ツール
ツール一覧