Skip to main content
lab.golamrabbani.org

Base64 Encoder/Decoder

Encode or decode Base64 text safely with UTF-8 and an optional URL-safe variant.

Written by Golam Rabbani, Founder & Lead Engineer

How to use this base64 encoder/decoder

  1. Select "Encode" to convert plain text to Base64, or "Decode" to reverse a Base64 string.
  2. Check "URL-safe variant" if the result will appear in a URL, cookie, or filename.
  3. Paste or type your input into the text area labelled "Text to encode" or "Base64 to decode".
  4. Press the Encode or Decode button to run the conversion.
  5. Click "Copy result" to copy the output, or "Reset" to clear all fields.

About this base64 encoder/decoder

A base64 encoder converts arbitrary binary or text data into a string of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). Because every 3 bytes of input map to 4 output characters, the encoded result is roughly 33 % larger than the original. The format appears everywhere binary data must travel through text-only channels: Data URIs that embed images in HTML, the header and payload segments of JSON Web Tokens, MIME email attachments, and HTTP Basic Auth credentials all rely on Base64.

This tool encodes and decodes using the browser's native `btoa`/`atob` functions wrapped with `TextEncoder` and `TextDecoder`, which means it handles UTF-8 correctly. Characters outside the ASCII range — accented letters, CJK characters, and emoji — are first serialised to their UTF-8 byte representation before encoding, matching the behaviour expected by modern APIs. On decode, `TextDecoder` with the `fatal` flag set rejects byte sequences that are not valid UTF-8 and surfaces an "Invalid Base64 input" error rather than silently producing garbage.

For a concrete example: the string `Ada Lovelace` encodes to the standard Base64 string `QWRhIExvdmVsYWNl`. Enabling the URL-safe variant replaces `+` with `-` and `/` with `_`, and strips the trailing `=` padding — safe to embed in a URL query parameter or JWT without percent-encoding.

All processing runs entirely in your browser; no data is sent to any server.

FAQ

What is a base64 encoder used for?
Base64 encoding lets binary data travel safely through text-only channels. Common uses include embedding images as Data URIs, transmitting JWT segments, encoding email attachments in MIME format, and passing credentials in HTTP Basic Auth headers.
What is the difference between standard Base64 and the URL-safe variant?
Standard Base64 uses the characters `+`, `/`, and `=` for padding, which have special meanings in URLs. The URL-safe variant replaces `+` with `-` and `/` with `_`, and strips the `=` padding so the result can appear in a URL, cookie, or filename without percent-encoding.
Why does UTF-8 handling matter for Base64 encoding?
The browser's built-in `btoa` function only accepts Latin-1 characters. This tool pre-converts input through `TextEncoder` to UTF-8 bytes before encoding, so emoji, accented letters, and any non-ASCII text encode correctly instead of throwing an error.
Does Base64 encryption protect my data?
No. Base64 is an encoding scheme, not encryption. Anyone who sees the encoded string can decode it instantly without a key. Do not use Base64 to secure sensitive information; use proper encryption for that purpose.
What happens if I paste invalid Base64 into the decode field?
The tool catches the error and displays "Invalid Base64 input" without producing any output. This covers both malformed character sequences and byte patterns that are not valid UTF-8.
Is this tool free, and does it store my data?
Yes, completely free with no sign-up required. All encoding and decoding runs in your browser using built-in Web APIs; nothing is transmitted to or stored on any server.