  • Best practice: escape, or encodeURI / encodeURIComponent

    escape()

    Don't use it, as it has been deprecated since ECMAScript v3.

    encodeURI()

    Use encodeURI when you want a working URL. Make this call:

    encodeURI("http://www.google.com/a file with spaces.html")

    to get:

    http://www.google.com/a%20file%20with%20spaces.html
    

    Don't call encodeURIComponent since it would destroy the URL and return

    http%3A%2F%2Fwww.google.com%2Fa%20file%20with%20spaces.html
    

    encodeURIComponent()

    Use encodeURIComponent when you want to encode a URL parameter.

    const param = encodeURIComponent('http://xyz.com/?a=12&b=55');
    const url = 'http://domain.com/?param=' + param;

    And you will get this complete URL:

    http://domain.com/?param=http%3A%2F%2Fxyz.com%2F%3Fa%3D12%26b%3D55

    Note that encodeURIComponent does not escape the ' character.

    A common bug is to use it to build HTML attributes such as href='MyUrl': a ' in the value ends the attribute early, so the markup is open to an injection bug.

    If you are constructing HTML from strings, either use " instead of ' for attribute quotes, or add an extra layer of encoding (' can be encoded as %27).

    For more information on this type of encoding you can check: http://en.wikipedia.org/wiki/Percent-encoding
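
The single-quote problem described above, shown next to a hardened version. This is an added example, not code from the original post; the function names, the /search?q= path and the sample value are constructed for illustration.

```javascript
// Added example; function names and the sample value are constructed.

// encodeURIComponent leaves A-Z a-z 0-9 - _ . ! ~ * ' ( ) unescaped.
// strictEncode also percent-encodes ! ' ( ) * (so ' becomes %27).
function strictEncode(value) {
  return encodeURIComponent(value).replace(
    /[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase()
  );
}

// The bug: single-quoted attribute built with encodeURIComponent alone.
function buildLinkUnsafe(query) {
  return "<a href='/search?q=" + encodeURIComponent(query) + "'>results</a>";
}

// Hardened: ' is encoded as %27 and the attribute is double-quoted.
function buildLinkSafe(query) {
  return '<a href="/search?q=' + strictEncode(query) + '">results</a>';
}

// Return the href value as an HTML parser would delimit it:
// everything up to the next occurrence of the opening quote character.
function hrefValue(html) {
  const m = /href=(['"])(.*?)\1/.exec(html);
  return m ? m[2] : null;
}

// Recover the q parameter from an href value.
function queryParam(href) {
  return decodeURIComponent(href.split("?q=")[1]);
}

const sample = "O'Brien & sons"; // constructed input with a single quote

console.log(buildLinkUnsafe(sample));            // attribute is cut at the '
console.log(hrefValue(buildLinkUnsafe(sample))); // truncated href
console.log(buildLinkSafe(sample));              // ' sent as %27
console.log(queryParam(hrefValue(buildLinkSafe(sample)))); // round-trips
```

In the unsafe link the attribute ends at the apostrophe, and everything after it is parsed as further markup; in the hardened link the full value survives and decodes back to the original string.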

  • Original article: https://www.cnblogs.com/yuyutianxia/p/4981625.html