HTML Sanitizer & XSS Checker

Paste your HTML, instantly detect XSS vulnerabilities, and sanitize dangerous code. Free, client-side, no data leaves your browser.

XSS Detection Engine

Identifies script injections, event handlers, javascript: URIs, data: URI exploits, and other cross-site scripting vectors with detailed explanations.

Smart Sanitization

Removes dangerous tags and attributes while preserving safe content. Configurable options let you control what gets kept.

Visual Diff & Scoring

See exactly what changed with red/green diff highlighting. Get an instant security score for any HTML snippet.

100% Client-Side Privacy

Everything runs in your browser. No HTML is sent to any server. Your code never leaves your machine.

Frequently Asked Questions

What is XSS and why should I sanitize HTML?
Cross-Site Scripting (XSS) is a security vulnerability where attackers inject malicious scripts into web pages viewed by other users. Sanitizing HTML removes dangerous elements like <script> tags, event handlers (onclick, onerror), and javascript: URLs before rendering user-generated content, preventing these attacks.
What HTML elements and attributes are removed?
The sanitizer removes dangerous tags: <script>, <iframe>, <object>, <embed>, and <form>. It strips all on* event handlers (onclick, onload, onerror, onmouseover, etc.), javascript: URLs, and data: URLs in script contexts. Images, links, and basic formatting are preserved by default.
Is my HTML data sent to any server?
No. This tool runs entirely in your browser using client-side JavaScript. No data is transmitted to any server. You can even use it offline once the page has loaded. Your HTML code stays completely private on your machine.
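The removal policy described in the answer to "What HTML elements and attributes are removed?" (dangerous tags, on* event handlers, javascript: URLs, data: URLs outside image sources), written out as an added Python example; this is not the tool's own code, which runs as JavaScript in the browser. It assumes that dropped tags are removed together with their contents and that data: URLs are kept only in <img src>; the sample input is constructed, and the parser entity-decodes attribute values so encoded or whitespace-split schemes are caught the way a browser would read them.

```python
from html import escape
from html.parser import HTMLParser

DROP_TAGS = {"script", "iframe", "object", "embed", "form"}  # FAQ list; dropped with contents (assumption)
VOID = {"embed", "img", "br", "hr", "input"}                 # no closing tag, so no nesting depth to track
URL_ATTRS = {"href", "src"}

def _scheme(value):
    # Browsers strip ASCII whitespace/control chars before reading the scheme ("java\tscript:" runs),
    # so normalise the same way before comparing.
    cleaned = "".join(ch for ch in value if ch > "\x20").lower()
    return cleaned.split(":", 1)[0] if ":" in cleaned else ""

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth, self.removed = [], 0, []
    def _safe_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:  # values arrive entity-decoded: &#106;avascript: is already javascript:
            value, scheme = value or "", _scheme(value or "")
            if name.startswith("on") or (name in URL_ATTRS and (scheme == "javascript"
                    or (scheme == "data" and (tag, name) != ("img", "src")))):  # data: only in <img src> (assumption)
                self.removed.append(f"{tag}@{name}")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        return "".join(kept)
    def handle_starttag(self, tag, attrs):
        if tag in DROP_TAGS:
            self.removed.append(f"<{tag}>")
            if tag not in VOID:
                self.skip_depth += 1  # everything up to the matching end tag is discarded
        elif not self.skip_depth:
            self.out.append(f"<{tag}{self._safe_attrs(tag, attrs)}>")
    def handle_endtag(self, tag):
        if tag in DROP_TAGS:
            if tag not in VOID and self.skip_depth:
                self.skip_depth -= 1
        elif not self.skip_depth and tag not in VOID:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):  # comments and doctypes fall through HTMLParser's no-op handlers
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize(html):
    """Return (clean_html, removed_items) for an untrusted HTML fragment."""
    parser = Sanitizer()
    parser.feed(html); parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample covering each rule: event handler, encoded and tab-split javascript:, data: image, <script>.
SAMPLE = ('<p onclick="steal()">Hi <b>there</b></p><a href="&#106;ava\tscript:alert(1)">x</a>'
          '<img src="data:image/png;base64,AAAA" onerror="x()"><script>alert(1)</script><a href="https://example.com">ok</a>')
```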