website/index.html
Example: Upstream test vectors; Basic img onerror; SVG onload; MathML link payload; DOM clobbering-ish markup; Harmless rich text
Preset: Default: HTML + SVG + MathML; HTML only; Strict: b, i, em, strong, a; Template-safe helper; Trusted Types return value
Options: Auto-run; jQuery sink; Safe preview
Sanitize
Detection mode: dialogs allowed
Detection mode mirrors the old demo behavior: sanitized output is rendered in the frame and dialogs may pop if a bypass executes. Safe preview restricts rendering for quieter inspection, but it is not the primary bypass signal.
Active config
{}
Removed elements and attributes
Sanitize something to inspect DOMPurify.removed.
Helper note: DOMPurify.removed is shown for curiosity and debugging only. Do not use it for security-critical decisions.