Decode and encode Base64, URL, Hex, and HTML entities online
Got an opaque blob from a log, JWT, or webhook? Yellorn's Raw Text transforms decode and encode Base64, URL, hex, HTML entities, and escapes locally — and Smart Format auto-detects which one you need.
Decode an encoded string in your browser
When an opaque blob shows up in a log line, a JWT, a config value, or a webhook body, you need to know what it says. Yellorn's Raw Text transforms decode and encode the common wire encodings — Base64, URL/percent encoding, hex, HTML entities, and backslash escapes — entirely in your browser. Nothing is uploaded, so it is safe even for tokens and secrets.
What you can decode and encode
| Encoding | Encoded | Decoded |
|---|---|---|
| Base64 | aGVsbG8= | hello |
| URL / percent | a%20%26%20b | a & b |
| Hex | 68656c6c6f | hello |
| HTML entities | a & b | a & b |
| Backslash escapes | line1\nline2 | two lines |
Each decode has a matching encode, so the round-trip always works.
How to run a transform
- In the editor, set the format to Raw Text.
- Paste the encoded string.
- Open the Transform menu in the toolbar and pick a decode or encode row (e.g. Base64 Decode, URL Encode, Hex Decode).
The buffer is replaced with the result. A single Cmd/Ctrl + Z reverts it. Malformed input (a non-Base64 character, an odd-length hex string) shows a clear error toast instead of producing silent garbage.
Let Smart Format auto-detect the encoding
Not sure which decoder you need? On a Raw Text tab, press Smart Format and Yellorn inspects the buffer and applies the most likely transform for you — then tells you which one it chose (e.g. “Detected URL-encoded escape sequences”). Unambiguous markers like a %XX escape or an & entity are committed with high confidence; Base64 and hex are best-effort guesses based on the alphabet and length.
UTF-8 safe by design
Every Base64 and hex transform routes through the browser's TextEncoder / TextDecoder, so multi-byte UTF-8 — emoji, CJK, accented Latin — round-trips correctly. The naive btoa / atob approach silently corrupts anything outside Latin-1; Yellorn avoids that. Base64 decoding also accepts the URL-safe alphabet and tolerates missing = padding, so JWT payloads decode cleanly.
Frequently asked questions
How do I decode a Base64 string online?
Switch the Yellorn editor to Raw Text, paste the Base64, open the Transform menu, and choose Base64 Decode. The decoder is UTF-8 aware and accepts both the standard and URL-safe alphabets, even with the trailing = padding stripped (as JWT payloads often are). Everything runs in your browser.
Does it handle UTF-8, emoji, and non-Latin text?
Yes. Every Base64 and hex transform routes through TextEncoder/TextDecoder, so multi-byte UTF-8 sequences — emoji, CJK, accented Latin — round-trip correctly. The naive btoa/atob approach silently corrupts anything outside Latin-1; Yellorn avoids that.
Can Yellorn detect the encoding automatically?
Yes. On a Raw Text tab, Smart Format inspects the buffer and applies the most likely decoder — URL escapes, HTML entities, backslash escapes, Base64, or hex — and tells you which one it chose. Unambiguous markers like %XX or & are committed with high confidence; Base64/hex are best-effort guesses.
What encodings can it convert?
Base64 (decode and encode), URL/percent-encoding, hex bytes (compact or \x-prefixed), HTML/XML entities, and JS/JSON backslash escapes (\n, \t, \uHHHH). Each decode has a matching encode so the round-trip works, and malformed input shows a clear error instead of silent garbage.
Is it safe to decode tokens and secrets here?
Yes. The transforms are pure browser functions — your input is never sent to a server. That makes Yellorn safe for decoding a JWT payload, a Base64-encoded credential from a config file, or a percent-encoded webhook body that may contain sensitive data.
Related
Where to go next
Try a fix in the editor or browse more articles.