Emoji in URLs

This is a low-priority issue and not really a problem per se. I am just curious about how it works and why one thing does not seem to work. I am trying to figure out what is different with this one thing and why it appears differently than the other things.

  1. This works (shows emoji in URL):
  2. This works (shows emoji in URL): https://tmp.42web.io/🔥/🍒/
  3. This works (shows emoji in URL):
  4. This works (shows emoji in URL):
  5. This DOESN’T work (shows URL encoding in address bar instead):
  6. This DOESN’T work (shows URL encoding in address bar instead):

Even though the URLs appear in the forum correctly, if you load the address in your browser, the last 2 show this for the URL:


So, what’s different about those last 2?

Is it a browser issue? Or a server issue? A unicode issue?

This is a dumb problem, for sure.

But, I am just curious why it doesn’t work the way I expected it to.

Had to test on my own and noticed that when I tap on the url bar to modify the url, all of those emojis appear URL encoded. It seems that the browser fails to show those codes as an emoji when it comes to certain ones.


Working for me!!


Look at the url bar, none of those emojis show.


The URL bar automatically decodes the ASCII values with respect to the emoji


Thanks for helping me to check. It may depend on which web browser you’re using and what platform you’re on. On my Windows 10 laptop using Vivaldi browser (Chrome based) some of the emoji appear in the URL. The only 2 that show as encoded values are the “Locked” and “Unlock” emoji. I have to do some more testing on different browsers / platforms.


I checked with Brave and have the same issue you’re having with the lock/unlock emojis.


Thanks for checking. I just find it strange that some of them appear in the URL on my browser but not others. It just makes me curious what the difference is. Usually things either work one way or they don’t. But, having it work sometimes makes troubleshooting harder. This is the way the URLs appear on Windows 10 using Vivaldi browser (Chrome based):


This is how the “Locked” / “Unlocked” emoji appear in the same browser:



Thanks for checking. It just seems odd that some emoji work correctly and others don’t.

This may be a mystery that I never figure out. 🤣


Now I also found out with Firefox that the key emoji will show encoded as well (only on it though, not on Chromium-based browsers)!

Emojis are basically Unicode characters, and some Unicode characters might get URL-encoded by the browser when it reads the URL. That’s why @HELPINDIA was getting the URL encoded result in his URL bar.


I appreciate everyone taking a look. It definitely seems to be a browser issue. The server probably handles them all as unicode but, different browsers display the output differently. This was just a test I was doing to see how the server would handle emoji folders. I don’t really plan to do anything serious with this. I was just scratching my head trying to figure out what was different.


They all get encoded actually, like what I witnessed.


This seems to be a browser related “issue” to me. Although I wouldn’t be surprised if this was by design, seeing how you’re specifically having this issue with padlock emoji.

Many people have been taught to “look for the lock in the address bar to know the website is secure”.

So then some scammer publishes their page on http://🔒accounts.google.example.com or something like that, and someone less well versed sees “ah, there is a lock, so it must be safe!”, even though the connection is insecure.

There have been phishing attacks with special non-Latin characters that make things appear differently. Like someone setting up apple.com, but then the a was not the letter A, but some Greek (I think) character that looks like an a but is actually a different unicode character. So I fully understand that browser makers are cautious with unicode handling.
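As an added example (not part of any post in this thread and not any browser's actual code), the display rule suggested above can be sketched as follows: percent-encoded path segments are decoded for the address bar, except for code points that resemble the browser's own security indicator. The `KEEP_ENCODED` set and the function names are assumptions chosen to match what posters here observed.

```javascript
// Added illustration; not taken from any browser's source.
// Code points that stay percent-encoded when a URL is shown to the user.
// Assumed set: the two emoji reported in this thread plus two lookalikes.
const KEEP_ENCODED = new Set([
  0x1F512, // LOCK (reported as staying encoded)
  0x1F513, // OPEN LOCK (reported as staying encoded)
  0x1F50F, // LOCK WITH INK PEN (assumed lookalike)
  0x1F510, // CLOSED LOCK WITH KEY (assumed lookalike)
]);

// Decode one path segment for display only; the request itself is unchanged.
function displaySegment(segment) {
  let decoded;
  try {
    decoded = decodeURIComponent(segment);
  } catch {
    return segment; // malformed escape sequence: show it untouched
  }
  let out = "";
  for (const ch of decoded) { // for...of walks whole code points
    const cp = ch.codePointAt(0);
    if (cp < 0x80) {
      // ASCII: re-encode anything reserved so %2F never turns into a
      // visible "/" that would change the apparent path structure.
      out += encodeURIComponent(ch);
    } else {
      out += KEEP_ENCODED.has(cp) ? encodeURIComponent(ch) : ch;
    }
  }
  return out;
}

// Build the string an address bar would show for a URL.
function displayUrl(raw) {
  const u = new URL(raw); // pathname comes back percent-encoded
  const path = u.pathname.split("/").map(displaySegment).join("/");
  return `${u.protocol}//${u.host}${path}`;
}

// The URL from the first post shows its emoji; a constructed lock path does not.
console.log(displayUrl("https://tmp.42web.io/🔥/🍒/"));
console.log(displayUrl("https://tmp.42web.io/🔒/"));
```

Both URLs are sent to the server in the same percent-encoded form; only what is rendered in the address bar differs, which is why the server side behaves the same for every folder.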


Is https really necessary to determine how safe a website is nowadays? The point of SSL is to encrypt the handled data between a client and the server in order to prevent problems such as data being read by MITM.
A scammer/phisher could set it up easily and make the website use https considering how easy it is to get an SSL certificate nowadays.

Speaking of unicode issues, here is an interesting example:


Nowadays, you’re right. But 10+ years ago, it was generally considered that HTTPS was only accessible to “trustworthy” sites.

Maybe it was a bad example on my end. But having the padlock in the URL itself could still be used to make people believe the connection is secure when it actually isn’t.

With modern browsers typically showing non-HTTPS sites with a red, broken padlock it should still be pretty obvious. But why run the risk of confusing people.


That makes a lot of sense and explains the behavior. I just randomly picked emoji and never thought about that aspect. I was thinking about developing a game. Thanks for the input.


To further support this, I noticed that Firefox does decode the unicode properly in the URL suggestions drop down.


Welcome to the forum. Thanks for the screenshot and taking a look. I think I’ll pick different emoji.


One simple explanation is that these emojis can be used to impersonate SSL [which is basically lock symbols] and maybe hence they aren’t implemented intentionally as emojis in browsers’ URL bar

Admin mentioned the exact same thing previously tho…?