DOMPurify
A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG.
What is DOMPurify?
DOMPurify is a JavaScript library that sanitizes HTML, MathML, and SVG strings to prevent cross-site scripting (XSS) attacks. It takes potentially malicious user input and returns clean, safe markup by stripping out dangerous elements and attributes. The library is designed to be extremely fast, leveraging the browser's native DOM capabilities, and highly configurable to fit various security policies.
Web developers and security engineers who need to safely render user-generated HTML content in browsers or server-side applications, particularly those building forums, rich-text editors, or any application accepting untrusted markup.
Developers choose DOMPurify for its proven security track record, exceptional performance due to DOM-only processing, and extensive customization options that allow precise control over sanitization rules without compromising safety.
Overview
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Use Cases
Best For
- Sanitizing user-generated HTML in comment sections or forums
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
