Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all HTML and/or CSS from a string except the elements, attributes, and properties you choose to allow. Using a simple configuration syntax, you can tell Sanitize to allow certain HTML elements, certain attributes within those elements, and even certain URL protocols within attributes that contain URLs. You can also allow specific CSS properties, @ rules, and URL protocols in elements or attributes containing CSS. Any HTML or CSS that you don't explicitly allow will be removed. Sanitize is based on the Nokogiri HTML5 parser, which parses HTML the same way modern browsers do, and Crass, which parses CSS the same way modern browsers do. As long as your allowlist config only allows safe markup and CSS, even the most malformed or malicious input will be transformed into safe output.

Features

  • HTML fragments
  • HTML documents
  • CSS stylesheets inside HTML style elements
  • CSS properties inside HTML style attributes
  • Standalone CSS stylesheets
  • Standalone CSS properties

Project Samples

Sanitize Screenshot 1

Project Activity

See All Activity >

Categories

HTML/XHTML

License

MIT License

Follow Sanitize

Sanitize Web Site

You Might Also Like
Gen AI apps are built with MongoDB Atlas Icon
Gen AI apps are built with MongoDB Atlas

The database for AI-powered applications.

MongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
Start Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of Sanitize!

Additional Project Details

Programming Language

Ruby

Related Categories

Ruby HTML XHTML

Registered

2023-04-21
Report inappropriate content