
Sanitizer

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The Sanitizer interface of the HTML Sanitizer API provides methods to sanitize untrusted HTML, whether supplied as a string or as a Document or DocumentFragment. Sanitization removes the elements and attributes that the sanitizer's configuration does not allow, and the returned DOM nodes can then be inserted into a document safely. Note that the result is a tree of nodes, not a string: insert it as nodes rather than serializing it and re-parsing it through innerHTML, since re-parsing in a different context can reintroduce markup the sanitizer removed.

A Sanitizer object can also be passed to the Element.setHTML() method, which parses a string of HTML, sanitizes it with that object, and inserts the result into the element in one step.

The default configuration strips out XSS-relevant input, including <script> elements, custom elements, and comments. This configuration may be customized through the Sanitizer() constructor options, for example to restrict the output to a smaller allowlist of elements and attributes than the default.

Constructors

Sanitizer() Experimental

Creates and returns a Sanitizer object, optionally with custom sanitization behavior.

Instance methods

Sanitizer.sanitize() Experimental

Returns a sanitized DocumentFragment from an input Document or DocumentFragment. It does not accept strings; to sanitize a string of HTML use sanitizeFor() or Element.setHTML().

Sanitizer.sanitizeFor() Experimental

Parses a string of HTML in the context of a particular element, and returns an HTML element of that type containing the sanitized subtree.
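The following is an added example, not code from the MDN page or from any browser engine. It ties together the constructor options described above, Element.setHTML(), and the two instance methods: a custom allowlist configuration, a runtime feature check (the API is experimental and the compatibility table below shows it was removed from Chromium after version 119), a text-only fallback when the API is absent, and the distinction between sanitizeFor() for strings and sanitize() for an existing Document or DocumentFragment. The element and attribute lists in COMMENT_CONFIG, the sample input, and the function names are this example's own choices; the option names follow the Sanitizer() constructor options of the experimental API.

```javascript
// Added example; not code from the MDN page or from any browser engine.
// It assumes a browser that exposes the experimental HTML Sanitizer API in
// the shape this page documents (Sanitizer(), Element.setHTML(),
// Sanitizer.sanitize(), Sanitizer.sanitizeFor()). Node.js has no Sanitizer
// and no DOM, so every call into the API sits behind hasSanitizerApi() and
// the fallback path renders the untrusted input as text only.

// Constructed sample of untrusted input: a harmless paragraph plus two
// payloads (an event-handler attribute and a script element).
const SAMPLE_UNTRUSTED_HTML =
  '<p>Hello <b>world</b></p>' +
  '<img src="x" onerror="alert(1)">' +
  '<script>alert(2)</script>';

// Allowlist for a comment widget (this example's choice of elements and
// attributes). Option names follow the Sanitizer() constructor options of the
// experimental API: elements not in allowElements are removed, entries in
// dropElements are removed together with their contents, and allowAttributes
// maps an attribute name to the elements it may appear on ("*" = any).
const COMMENT_CONFIG = {
  allowElements: ["p", "a", "b", "i", "em", "strong", "ul", "ol", "li", "br", "code"],
  allowAttributes: { href: ["a"], title: ["*"] },
  dropElements: ["script", "style", "iframe", "object", "embed"],
  allowComments: false,
  allowCustomElements: false,
};

// The API is experimental and was removed from Chromium after 119, so its
// presence must be checked at runtime rather than assumed.
function hasSanitizerApi() {
  return typeof Sanitizer === "function"
    && typeof Element !== "undefined"
    && typeof Element.prototype.setHTML === "function";
}

// Inserts untrusted markup into `target`. With the API present, setHTML()
// parses, sanitizes and inserts in one step. Without it, the string is
// assigned to textContent, so an injected <script> or onerror= attribute can
// never become live markup; the page degrades to plain text, not to XSS.
function renderUntrusted(target, untrustedHtml, config = COMMENT_CONFIG) {
  if (hasSanitizerApi()) {
    target.setHTML(untrustedHtml, { sanitizer: new Sanitizer(config) });
    return "sanitized";
  }
  target.textContent = untrustedHtml;
  return "text-fallback";
}

// sanitizeFor() is the entry point for strings: the input is parsed as the
// children of a <contextTag> element and an element of that type holding the
// sanitized subtree is returned (null if the context element itself is not
// allowed by the configuration). The result is a detached node, so its
// children are moved into the live document as nodes, never re-serialized to
// a string and re-parsed, which could reintroduce removed markup.
function appendSanitized(target, contextTag, untrustedHtml, config = COMMENT_CONFIG) {
  const holder = new Sanitizer(config).sanitizeFor(contextTag, untrustedHtml);
  if (holder === null) return 0;
  const count = holder.childNodes.length;
  while (holder.firstChild) target.appendChild(holder.firstChild);
  return count;
}

// sanitize() accepts a Document or DocumentFragment, not a string. A fragment
// built elsewhere (e.g. a <template>'s content) is passed through it and the
// returned fragment, not the original, is what gets inserted.
function sanitizeFragment(fragment, config = COMMENT_CONFIG) {
  return new Sanitizer(config).sanitize(fragment);
}

// Browser usage (a no-op under Node): render the sample into #comments.
if (hasSanitizerApi() && typeof document !== "undefined") {
  const box = document.getElementById("comments");
  if (box) {
    renderUntrusted(box, SAMPLE_UNTRUSTED_HTML);
    appendSanitized(box, "div", SAMPLE_UNTRUSTED_HTML);
  }
}
```

Two design points worth noting. First, the fallback deliberately fails closed: when the API is missing the input is shown as text, which is ugly but not exploitable, rather than being handed to innerHTML. Second, allowing href on <a> means URL values reach the DOM; this page does not state how the sanitizer treats URL schemes, so validate them separately if that matters for your application.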

Examples

For examples see the HTML Sanitizer API and the individual methods.

Specifications

Browser compatibility

Feature                           Chrome   Edge     Firefox  IE   Opera  Safari  WebView  Chrome   Firefox   Opera    Safari   Samsung
                                                                                  Android  Android  Android   Android  on iOS   Internet
Sanitizer (interface)             105–119  105–119  83       No   91     No      105      105–119  No        72       No       20.0
Sanitizer() constructor           105–119  105–119  83       No   91     No      105      105–119  No        72       No       20.0
getConfiguration                  105–119  105–119  No       No   91     No      105      105–119  No        72       No       20.0
getDefaultConfiguration (static)  105–119  105–119  No       No   91     No      105      105–119  No        72       No       20.0
sanitize                          93–119   93–119   83       No   79     No      No       93–119   No        No       No       No
sanitizeFor                       93–119   93–119   No       No   79     No      No       93–119   No        No       No       No

Desktop columns: Chrome, Edge, Firefox, IE (Internet Explorer), Opera, Safari. Mobile columns: WebView Android, Chrome Android, Firefox for Android, Opera Android, Safari on iOS, Samsung Internet. A version range such as 105–119 means the feature shipped in the first version and was removed after the last, so current releases of that browser no longer expose it; check this table before relying on any of these members in production.

© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Sanitizer