What tags are removed by default?

script, iframe, object, embed, form, input, button, link (with rel=stylesheet), meta, base, and any tag with an on* event attribute.

Does this sanitizer run in my browser?

Yes, all processing happens client-side using the browser's own DOM parser — your HTML is never sent to a server.

Can I allow specific tags that are blocked by default?

Yes. Use the 'Allow tags' field to whitelist comma-separated tag names you want to keep even if they would normally be removed.

What is 'Strip all tags' mode?

It extracts plain text from the HTML, removing every single tag and leaving only the visible content.

Security 無料サインアップ不要

HTML Sanitizer

Clean HTML and remove XSS / dangerous code

ツールを読み込み中…

このツールについて

Paste HTML containing potentially dangerous tags or attributes and get a safe, sanitized version back instantly. The sanitizer strips <script>, <iframe>, <object>, and <embed> tags, removes all on* event handlers, rewrites javascript: URLs, and highlights exactly what was removed so you can see every change. Advanced options let you allow or block specific tags and choose between full sanitization or 'text only' mode that strips all markup.

使い方

1 Paste your HTML into the input area on the left.
2 The sanitized output appears on the right in real time.
3 Removed or modified nodes are highlighted in red in the diff view.
4 Use 'Allow tags' or 'Block tags' to tune the rules.
5 Toggle 'Strip all tags' to extract plain text only.
6 Click 'Copy Output' to copy the sanitized HTML.

このツールについて

使い方

よくある質問