What tags are removed by default?

script, iframe, object, embed, form, input, button, link (with rel=stylesheet), meta, base, and any tag with an on* event attribute.

Does this sanitizer run in my browser?

Yes, all processing happens client-side using the browser's own DOM parser — your HTML is never sent to a server.

Can I allow specific tags that are blocked by default?

Yes. Use the 'Allow tags' field to whitelist comma-separated tag names you want to keep even if they would normally be removed.

What is 'Strip all tags' mode?

It extracts plain text from the HTML, removing every single tag and leaving only the visible content.

Security Free No signup

HTML Sanitizer

Clean HTML and remove XSS / dangerous code

Loading tool…

About this tool

Paste HTML containing potentially dangerous tags or attributes and get a safe, sanitized version back instantly. The sanitizer strips <script>, <iframe>, <object>, and <embed> tags, removes all on* event handlers, rewrites javascript: URLs, and highlights exactly what was removed so you can see every change. Advanced options let you allow or block specific tags and choose between full sanitization or 'text only' mode that strips all markup.

How to use

1 Paste your HTML into the input area on the left.
2 The sanitized output appears on the right in real time.
3 Removed or modified nodes are highlighted in red in the diff view.
4 Use 'Allow tags' or 'Block tags' to tune the rules.
5 Toggle 'Strip all tags' to extract plain text only.
6 Click 'Copy Output' to copy the sanitized HTML.

Frequently Asked Questions

Related tools

HTML / CSS / JS Minifier

Minify HTML, CSS, and JavaScript to reduce file size — runs entirely in your browser.

JSON Formatter & Validator

Format, validate, and minify JSON — with syntax error pinpointing.