Markdown Sanitizer
Remove potentially dangerous HTML from Markdown content. Strip XSS attack vectors, malicious scripts, and unsafe elements while preserving safe formatting. Powered by DOMPurify.
What is Markdown Sanitizer?
Markdown Sanitizer removes unsafe HTML from Markdown before previewing, publishing, or testing user-submitted content. It strips script tags, iframe and object tags, event handler attributes, javascript URLs, and other risky markup while preserving common safe Markdown output. The sanitizer runs in the browser and reports what was removed.
How does Markdown Sanitizer work?
This tool passes the HTML rendered from Markdown through a DOM-based sanitizer. It keeps safe elements such as headings, paragraphs, links, lists, code, images, and tables, while removing elements and attributes that can execute JavaScript.
Key Features
- Removes script tags and event handlers
- Removes iframe and object tags
- Preserves safe HTML elements
- Configurable allowed tags
- Shows what was removed
- Copy sanitized output to clipboard
- Browser-based sanitization
- DOM-based sanitization
Common Use Cases
Processing user-submitted comments
Sanitize Markdown from user comments before rendering on a web page to prevent XSS attacks.
Rendering wiki content safely
Strip unsafe HTML from wiki pages submitted by users.
Preparing content for display
Sanitize Markdown before embedding it in a web page or email.
Auditing content security
Check Markdown for potentially malicious content before publishing.
How to Use This Tool
Paste Markdown
Paste Markdown that may contain embedded HTML or unsafe attributes.
Sanitize
Click Sanitize. The tool removes dangerous content.
Review what was removed
Check the report of what was stripped.
Copy the safe output
Copy the sanitized Markdown for rendering.
Pro Tips
1. Always sanitize user-submitted Markdown before rendering it on a web page.
2. The tool removes <script>, <iframe>, <object>, and event handler attributes.
3. Safe HTML tags like <p>, <a>, <img>, <strong>, <em> are preserved.
4. For production use, integrate a dedicated sanitization library like DOMPurify.
Frequently Asked Questions
What is removed?
Markdown Sanitizer removes script tags, iframe and object tags, event handler attributes, javascript: URLs, and other potentially dangerous content.
Is my content sent to a server?
No. The Markdown is sanitized in your browser.
What HTML is preserved?
Safe tags including headings, paragraphs, links, images, lists, code blocks, tables, and basic formatting tags.
Can I configure allowed tags?
Yes. The tool lets you add or remove tags from the allowed list.
Is this enough for production?
For production, use a dedicated library like DOMPurify with server-side sanitization. This tool is useful for quick checks and development.
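One way to combine a configurable allow-list with a removal report when integrating DOMPurify yourself, as an added example that is not this tool's own code. `DOMPurify.sanitize`, `ALLOWED_TAGS`, `ALLOWED_ATTR` and `DOMPurify.removed` are DOMPurify's API; `BASE_TAGS`, `NEVER_ALLOW`, `buildConfig`, `summarizeRemoved` and `sanitizeRendered` are hypothetical names, and the tag and attribute lists are assumptions.

```javascript
// Added example. Assumed default allow-list, based on the "safe" tags the page names.
const BASE_TAGS = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'a', 'img', 'ul', 'ol',
  'li', 'code', 'pre', 'table', 'thead', 'tbody', 'tr', 'th', 'td', 'strong', 'em'];
// Tags the page says are always removed; a user-edited allow-list must not re-enable them.
const NEVER_ALLOW = new Set(['script', 'iframe', 'object']);

// Build the DOMPurify config from user-supplied additions and removals.
function buildConfig(addTags = [], dropTags = []) {
  const drop = new Set(dropTags.map(t => String(t).toLowerCase()));
  const tags = new Set(BASE_TAGS.filter(t => !drop.has(t)));
  const rejected = [];
  for (const raw of addTags) {
    const t = String(raw).toLowerCase();
    if (NEVER_ALLOW.has(t)) rejected.push(t); else tags.add(t);
  }
  // No on* handlers are listed, so event handler attributes are stripped.
  const config = { ALLOWED_TAGS: [...tags], ALLOWED_ATTR: ['href', 'src', 'alt', 'title'] };
  return { config, rejected };
}

// DOMPurify fills `removed` with {element} or {attribute, from} entries on each sanitize() call.
function summarizeRemoved(removed) {
  return removed.map(r => r.element
    ? `element <${r.element.nodeName.toLowerCase()}>`
    : `attribute ${r.attribute ? r.attribute.name : '(unknown)'} on <${r.from.nodeName.toLowerCase()}>`);
}

// `purify` is a DOMPurify instance (browser global, or one created over jsdom on a server).
function sanitizeRendered(purify, html, addTags, dropTags) {
  const { config, rejected } = buildConfig(addTags, dropTags);
  const clean = purify.sanitize(html, config);
  return { clean, removed: summarizeRemoved(purify.removed), rejected };
}

// Browser usage; runs only when DOMPurify is loaded on the page. Input is constructed.
if (typeof DOMPurify !== 'undefined') {
  const sample = '<p onclick="x()">hi</p><script>1</script>';
  console.log(sanitizeRendered(DOMPurify, sample, ['details']));
}
```

Sanitize the HTML produced by the Markdown renderer, not the Markdown source, so that the allow-list is applied to the markup that is actually displayed.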