Demo build: main DOMPurify: loading… HTML · SVG · MathML

DOMPurify Demo

Paste dirty markup, choose a preset, and inspect the sanitized string, rendered DOM, timing, and removed elements/attributes. The default preview is intentionally detection-oriented, so modal dialogs are not suppressed when testing bypasses.

npm License OpenSSF Best Practices OpenSSF Scorecard Downloads dependents npm package minimized gzipped size (select exports) Build & Test Socket Badge Cloudback
Options

Dirty HTML

0 chars

Clean HTML

0 chars

Clean DOM Preview

Detection mode: dialogs allowed

Detection mode mirrors the old demo behavior: sanitized output is rendered in the frame and dialogs may pop if a bypass executes. Safe preview restricts rendering for quieter inspection, but it is not the primary bypass signal.

Timing
Removed
Active config 
{}
Removed elements and attributes 
Sanitize something to inspect DOMPurify.removed.

Helper note: DOMPurify.removed is shown for curiosity and debugging only. Do not use it for security-critical decisions.