What tags are removed by default?

script, iframe, object, embed, form, input, button, link (with rel=stylesheet), meta, base, and any tag with an on* event attribute.

Does this sanitizer run in my browser?

Yes, all processing happens client-side using the browser's own DOM parser — your HTML is never sent to a server.

Can I allow specific tags that are blocked by default?

Yes. Use the 'Allow tags' field to whitelist comma-separated tag names you want to keep even if they would normally be removed.

What is 'Strip all tags' mode?

It extracts plain text from the HTML, removing every single tag and leaving only the visible content.

Security Gratuito Sem cadastro

HTML Sanitizer

Clean HTML and remove XSS / dangerous code

Carregando ferramenta…

Sobre esta ferramenta

Paste HTML containing potentially dangerous tags or attributes and get a safe, sanitized version back instantly. The sanitizer strips <script>, <iframe>, <object>, and <embed> tags, removes all on* event handlers, rewrites javascript: URLs, and highlights exactly what was removed so you can see every change. Advanced options let you allow or block specific tags and choose between full sanitization or 'text only' mode that strips all markup.

Como usar

1 Paste your HTML into the input area on the left.
2 The sanitized output appears on the right in real time.
3 Removed or modified nodes are highlighted in red in the diff view.
4 Use 'Allow tags' or 'Block tags' to tune the rules.
5 Toggle 'Strip all tags' to extract plain text only.
6 Click 'Copy Output' to copy the sanitized HTML.

Perguntas frequentes

Ferramentas relacionadas

Minificador de HTML / CSS / JS

Minifique HTML, CSS e JavaScript para reduzir o tamanho do arquivo — funciona inteiramente no seu navegador.

Formatador e validador JSON

Formate, valide e minifique JSON — com localização precisa de erros de sintaxe.