The Sanitizer interface of the HTML Sanitizer API provides methods to sanitize untrusted strings of HTML, Document and DocumentFragment objects. After sanitization, unwanted elements or attributes are removed, and the returned objects can safely be inserted into a document's DOM.

A Sanitizer object is also used by the Element.setHTML() method to parse and sanitize a string of HTML, and immediately insert it into an element.

The default configuration strips out XSS-relevant input by default, including <script> tags, custom elements, and comments. This configuration may be customized using constructor options.

Sanitizer() Experimental

Creates and returns a Sanitizer object, optionally with custom sanitization behavior.

Sanitizer.sanitize() Experimental

Returns a sanitized DocumentFragment from an input Document or DocumentFragment

Sanitizer.sanitizeFor() Experimental

Parses a string of HTML in the context a particular element, and returns an HTML element of that type containing the sanitized subtree.

For examples see the HTML Sanitizer API and the individual methods.