Occasionally I get the urge to perform a bit of (disclaimer: amusing and non-malicious!) cross-site scripting (XSS) against the odd site I find which is just begging to be abused. Here’s a tool to percent-encode all characters in a URL parameter.
URL/Percent-encoding is used to escape reserved characters in a URL when passing parameters around. For example, a GET parameter with an ampersand in it must be escaped since the browser would treat this character as starting the next variable.
Why would I want to do this? When playing around with XSS it’s nicer to hide the full payload in the URL rather than giving away hints as to what’s going to happen with all the unreserved characters still human readable.