#xss

Make untrusted HTML safe to display. Send any HTML — a comment, a rich-text submission, a snippet from an email or a scraped page — and get back a clean, XSS-free version: <script> tags, inline event handlers (onclick, onerror), javascript: URLs, <iframe>, <style> and anything not on the allowlist are removed. Override the allowed tags and attributes to fit your needs, or drop links entirely. A strip endpoint returns plain text with all markup removed. Pure local sanitization — no key, no third-party service, instant. Live. 3 endpoints. Built for user-generated content, comment systems, rich-text editors, email rendering and any place untrusted HTML reaches a browser. Distinct from a Markdown renderer or an HTML data extractor.

api.oanor.com/htmlsanitize-api