What tags are removed by default?

script, iframe, object, embed, form, input, button, link (with rel=stylesheet), meta, base, and any tag with an on* event attribute.

Does this sanitizer run in my browser?

Yes, all processing happens client-side using the browser's own DOM parser — your HTML is never sent to a server.

Can I allow specific tags that are blocked by default?

Yes. Use the 'Allow tags' field to whitelist comma-separated tag names you want to keep even if they would normally be removed.

What is 'Strip all tags' mode?

It extracts plain text from the HTML, removing every single tag and leaving only the visible content.

Security Gratis Sin registro

HTML Sanitizer

Clean HTML and remove XSS / dangerous code

Cargando la herramienta…

Acerca de esta herramienta

Paste HTML containing potentially dangerous tags or attributes and get a safe, sanitized version back instantly. The sanitizer strips <script>, <iframe>, <object>, and <embed> tags, removes all on* event handlers, rewrites javascript: URLs, and highlights exactly what was removed so you can see every change. Advanced options let you allow or block specific tags and choose between full sanitization or 'text only' mode that strips all markup.

Cómo usar

1 Paste your HTML into the input area on the left.
2 The sanitized output appears on the right in real time.
3 Removed or modified nodes are highlighted in red in the diff view.
4 Use 'Allow tags' or 'Block tags' to tune the rules.
5 Toggle 'Strip all tags' to extract plain text only.
6 Click 'Copy Output' to copy the sanitized HTML.

Preguntas frecuentes

Herramientas relacionadas

Minificador HTML / CSS / JS

Minifique HTML, CSS y JavaScript para reducir el tamaño del archivo — se ejecuta completamente en su navegador.

Formateador y validador JSON

Formatea, valida y minifica JSON — con señalización exacta de errores de sintaxis.