HTML Sanitizer
Strip dangerous tags, event handlers, and scripts from HTML. Keep only the safe markup you choose. Runs entirely in your browser — your HTML is never sent to a server.
When you accept HTML from an untrusted source — a user-submitted comment, scraped web content, a third-party API, or a rich-text editor — you risk including dangerous markup that can harm your users or your site. Cross-site scripting (XSS) attacks typically exploit <script> tags, on* event handler attributes, and javascript: URLs to inject malicious code into a page. This tool lets you paste raw HTML and strip those attack vectors before the content is used anywhere. You can choose to remove all tags and get plain text, or preserve safe structural and formatting tags while blocking everything dangerous. All processing happens locally in your browser — your HTML is never sent to a server.
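The allowlist approach described above, as an added example that is not this tool's own code: a small Python sanitizer that drops script elements, on* attributes and javascript: URLs and counts removed tags. The tag, attribute and scheme allowlists, the names and the sample input are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
# Assumed allowlists for this sketch; the tool's own tag groups are not listed on the page.
SAFE_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li", "blockquote", "code", "pre"}
VOID_TAGS = {"br"}                        # no closing tag is emitted for these
DROP_WITH_CONTENT = {"script", "style"}   # drop the element together with its text
SAFE_ATTRS = {"href", "title"}            # allowlist, so every on* handler is dropped
SAFE_SCHEMES = ("http:", "https:", "mailto:")

def _safe_url(value):
    # Browsers strip tabs and newlines from URLs before parsing, so remove
    # whitespace and control characters before deciding what the scheme is.
    compact = re.sub(r"[\x00-\x20]", "", value or "").lower()
    has_scheme = re.match(r"[a-z][a-z0-9+.-]*:", compact)
    return has_scheme is None or compact.startswith(SAFE_SCHEMES)

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self._skip = [], 0, 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip += 1
        if self._skip or tag not in SAFE_TAGS:
            self.removed += 1             # count of removed opening tags
            return
        kept = [(k, v or "") for k, v in attrs
                if k in SAFE_ATTRS and (k != "href" or _safe_url(v))]
        self.out.append("<" + tag + "".join(f' {k}="{escape(v)}"' for k, v in kept) + ">")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT and self._skip:
            self._skip -= 1
        elif not self._skip and tag in SAFE_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))  # text is re-escaped, never trusted

def sanitize(html):
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out), s.removed

# Constructed sample input covering the three vectors named above.
SAMPLE = ('<p onclick="alert(1)">Hi <b>there</b></p><script>alert(1)</script>'
          '<a href="java\tscript:alert(1)" title="x">link</a>'
          '<a href="https://example.com/">ok</a><iframe src="https://example.com/"></iframe>')
```

Calling `sanitize(SAMPLE)` returns the cleaned markup and the number of removed opening tags; the link whose scheme is hidden behind a tab character loses its href but keeps its text.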
How to Use This Tool
- Configure your options — decide whether you want to strip all tags completely (for plain text output) or keep safe tag groups like inline formatting and block structure.
- Enable "Strip event handlers" (recommended) — this removes all onclick, onmouseover, and other event attributes, as well as javascript: URLs.
- Paste your HTML into the input box on the left.
- Click "Sanitize HTML" — the cleaned output appears on the right, along with a count of removed tags.
- Check the preview — switch between "Rendered" and "Source" tabs to verify the output looks right.
- Copy the result using the copy icon.
Common Use Cases
- Cleaning user-submitted content: Before storing or displaying comments, reviews, or forum posts, sanitize the HTML to prevent XSS attacks from being stored in your database.
- Processing scraped HTML: When extracting content from third-party websites, remove unwanted tags, scripts, and navigation elements to isolate the main article text.
- Preparing content for email templates: Email clients do not support many HTML tags. Strip unsupported tags and scripts before pasting content into an email builder.
- Extracting plain text: Use the "Strip all tags" option to remove every HTML tag and get raw text content from an HTML document — useful for search indexing, text analysis, or feeding content to an AI model.
- Auditing third-party widgets: Paste the HTML from a third-party embed snippet to quickly check whether it contains event handlers or external scripts you were not expecting.