HTML Sanitizer
Sanitize and clean HTML by stripping XSS vectors, scripts, event handlers, and unwanted tags.
What is XSS (Cross-Site Scripting)?
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. HTML sanitization prevents XSS by removing or neutralizing dangerous HTML elements and attributes.
Frequently Asked Questions
Does this completely prevent XSS?
This tool provides strong protection against most XSS attack vectors, but no sanitizer is 100% foolproof. For production systems, use a server-side HTML purifier like HTMLPurifier and combine it with a strong Content Security Policy (CSP) header. Always validate and sanitize user input on the server side.
Can I allow specific tags only?
Yes. The "Allowed Tags" field lets you specify exactly which HTML tags to keep. Any tags not in the list are removed. For maximum safety, restrict to only the tags you need.
How is sanitization performed?
Sanitization runs entirely in your browser using the native DOM parser. Your HTML input is never sent to any server, keeping your data private and secure.