Ink·tab
all tools

Render · sanitize · block XSS

Preview HTML snippets inside a sandboxed iframe and get a cleaned-up version with scripts and inline handlers stripped.

0 removedRemoves '<script>', on* handlers, and javascript: URLs.
Preview
Sanitized HTML

Everything happens in your browser. Nothing is uploaded.

When to use it

Previewing a UI snippet, a newsletter template, or user-submitted HTML and checking whether it still contains active scripts. A quick sanity check before pasting into production.

How it works

Paste HTML on the left and it renders on the right inside a sandboxed iframe. An empty sandbox attribute means scripts never run and form submissions are blocked.

Switch to Sanitized mode at the top to strip <script>, on* event handlers, and javascript: / risky data: URLs. The cleaned markup shows up in both the preview and the copy-ready output box. Raw mode keeps the HTML untouched, but rendering still happens inside the sandbox.

Limitations

  • <style> blocks are also removed — the sanitizer is tuned for email-style inline CSS rather than full stylesheets.
  • If you paste a full document (<html>, <head>), only the <body> contents survive — a preview wrapper supplies its own chrome.

Where does your input go?

HTML parsing, preview, and sanitization all happen in your browser. Your markup is rendered inside a sandboxed iframe and never uploaded. Close the tab and it's gone.