Markdown Sanitizer
Remove potentially dangerous HTML from Markdown content. Strip XSS attack vectors, malicious scripts, and unsafe elements while preserving safe formatting. Powered by DOMPurify.
Complete Guide: Markdown Sanitizer
Everything you need to know about using this tool effectively
The Markdown Sanitizer strips potentially dangerous content from Markdown text. It removes HTML script tags, event handlers (onclick, onerror), iframe tags, and other elements that could execute JavaScript. The sanitized output is safe for rendering on a web page. All processing happens in the browser.
This tool uses a DOM-based sanitizer: it parses the HTML rendered from the Markdown and removes dangerous elements and attributes. It keeps safe HTML tags (headings, paragraphs, links, images, lists, code) while stripping scripts, iframes, and event handlers.
Processing user-submitted comments
Sanitize Markdown from user comments before rendering on a web page to prevent XSS attacks.
Rendering wiki content safely
Strip unsafe HTML from wiki pages submitted by users.
Preparing content for display
Sanitize Markdown before embedding it in a web page or email.
Auditing content security
Check Markdown for potentially malicious content before publishing.
Paste Markdown
Enter Markdown that may contain unsafe HTML.
Sanitize
Click Sanitize. The tool removes dangerous content.
Review what was removed
Check the report of what was stripped.
Copy the safe output
Copy the sanitized Markdown for rendering.
Always sanitize user-submitted Markdown before rendering it on a web page.
The tool removes <script>, <iframe>, <object>, and event handler attributes.
Safe HTML tags like <p>, <a>, <img>, <strong>, <em> are preserved.
For production use, integrate a dedicated sanitization library like DOMPurify.
What is removed?
Script tags, iframe and object tags, event handler attributes (onclick, onerror, etc.), javascript: URLs, and other potentially dangerous content.
Is my content sent to a server?
No. All sanitization happens in your browser. Nothing is transmitted.
What HTML is preserved?
Safe tags including headings, paragraphs, links, images, lists, code blocks, tables, and basic formatting tags.
Can I configure allowed tags?
Yes. The tool lets you add or remove tags from the allowed list.
Is this enough for production?
For production, use a dedicated library like DOMPurify and sanitize on the server side. This tool is useful for quick checks and development.
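The flow described in this guide (render the Markdown, sanitize the resulting HTML against an editable allowlist, report what was stripped), as an added example that is not this tool's source code. It assumes the caller passes in `render` (a Markdown-to-HTML function such as marked.parse) and `purify` (a DOMPurify instance); the helper names and the baseline tag list are illustrative.

```javascript
// Added example, not the tool's own code. `render` and `purify` are injected
// by the caller (assumed: a Markdown renderer and a DOMPurify instance).

// Tags the page lists as always removed; an editable allowlist must not re-enable them.
const NEVER_ALLOW = new Set(["script", "iframe", "object"]);

// Illustrative baseline drawn from the page's "What HTML is preserved?" answer.
const BASE_TAGS = ["h1", "h2", "h3", "h4", "h5", "h6", "p", "a", "img", "ul", "ol",
  "li", "code", "pre", "table", "thead", "tbody", "tr", "th", "td", "strong", "em"];
const BASE_ATTR = ["href", "src", "alt", "title"];

// Build a DOMPurify config from user edits to the allowed-tag list.
function buildConfig({ add = [], remove = [] } = {}) {
  const drop = new Set(remove.map((t) => t.toLowerCase()));
  const tags = new Set(BASE_TAGS.filter((t) => !drop.has(t)));
  for (const raw of add) {
    const tag = raw.toLowerCase();
    if (NEVER_ALLOW.has(tag)) throw new Error(`refusing to allow <${tag}>`);
    tags.add(tag);
  }
  // ALLOWED_TAGS / ALLOWED_ATTR replace DOMPurify's defaults with this allowlist.
  // No on* attribute is listed, so event handlers are dropped.
  return { ALLOWED_TAGS: [...tags], ALLOWED_ATTR: [...BASE_ATTR] };
}

// DOMPurify records stripped nodes in `removed` as {element} or {attribute, from}.
function summarizeRemoved(removed) {
  return removed.map((r) =>
    r.element
      ? `element <${r.element.nodeName.toLowerCase()}>`
      : `attribute ${r.attribute ? r.attribute.name : "?"} on <${r.from.nodeName.toLowerCase()}>`);
}

function sanitizeMarkdown(markdown, { render, purify, add, remove }) {
  const html = render(markdown); // 1. render first: raw HTML in Markdown passes through
  const clean = purify.sanitize(html, buildConfig({ add, remove })); // 2. sanitize the HTML
  return { html: clean, report: summarizeRemoved(purify.removed) }; // 3. what was stripped
}
```

Sanitizing the rendered HTML rather than the Markdown source matters because the renderer itself can emit markup (links, images) whose attributes and URLs also need checking.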