DOMPurify

Welcome to DOMPurify

Ensuring a secure and clean web experience for all

About DOMPurify

DOMPurify is a powerful and widely adopted JavaScript library designed to sanitize HTML, SVG, and MathML content on the client side. Its primary purpose is to safeguard applications against a range of injection-based threats, including cross-site scripting (XSS), DOM clobbering, and prototype pollution. By acting as a strict content filter, DOMPurify ensures that only safe and explicitly allowed elements and attributes are preserved, effectively neutralizing any embedded malicious code before it can compromise user security.

Whether you are developing a personal project or managing a large-scale application, our tools are designed to meet your needs. Discover the peace of mind that comes with using DOMPurify for a safer, cleaner web.

Services of DOMPurify

From implementation to ongoing support, we partner with you to ensure that your web applications are fortified against vulnerabilities. Experience unparalleled sanitization solutions tailored to your specific requirements.

HTML Sanitization Service

DOMPurify’s primary service is sanitizing user-supplied or third-party HTML content. It removes dangerous tags, attributes, and inline scripts, ensuring that the HTML is safe for rendering in the browser’s DOM.

DOMPurify Integration

Strengthen your web security with our comprehensive DOMPurify integration service, where we seamlessly incorporate our sanitization tools into your existing projects. Our solutions are designed to enhance security without compromising user experience.

URI Protocol Validation

DOMPurify checks and removes unsafe URI protocols in attributes like href, src, and xlink:href, blocking schemes like javascript:, data:, or vbscript: that are commonly used in XSS attacks.
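The kind of scheme check described above, as an added example that is not DOMPurify's own code. The allowlist, the function names and the sample attributes are assumptions made for illustration, and the input is assumed to be the already-decoded attribute value taken from a parsed DOM.

```javascript
// Added example: allowlist check for URL-bearing attributes.
// Not DOMPurify's implementation; policy and names are assumptions.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto', 'tel']);
const URL_ATTRS = new Set(['href', 'src', 'xlink:href']);

// Browsers drop tab, CR and LF anywhere in a URL and ignore leading
// control characters and spaces, so "java\tscript:" still parses as
// the javascript: scheme. Normalize the same way before checking.
function normalizeUrl(value) {
  return value
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+/, '');
}

// Returns the lowercase scheme, or null when the value is a relative URL.
function schemeOf(value) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(normalizeUrl(value));
  return m ? m[1].toLowerCase() : null;
}

// True when the attribute may be kept: either it carries no URL,
// the URL is relative, or its scheme is on the allowlist.
function isSafeUrlAttr(name, value) {
  if (!URL_ATTRS.has(name.toLowerCase())) return true;
  const scheme = schemeOf(value);
  return scheme === null || SAFE_SCHEMES.has(scheme);
}

// Keeps only the [name, value] pairs that pass the check.
function filterAttrs(attrs) {
  return attrs.filter(([name, value]) => isSafeUrlAttr(name, value));
}

// Constructed sample attributes (not taken from any real page).
const SAMPLE_ATTRS = [
  ['href', 'https://example.com/docs'],
  ['href', ' \tJaVa\nScRiPt:void(0)'],
  ['src', 'data:text/html,hello'],
  ['xlink:href', 'vbscript:x'],
  ['href', '/docs/page?ref=a:b'],
  ['title', 'javascript: in plain text'],
];

console.log(filterAttrs(SAMPLE_ATTRS).map(([n, v]) => `${n}=${v}`));
```

An allowlist is used here rather than a blocklist of known-bad schemes, so a scheme the policy has never seen is rejected by default.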

Key Features of DOMPurify

Works in All Modern Browsers

Whether your users are on Chrome, Firefox, Safari, or Edge, DOMPurify runs smoothly across all major browsers with consistent results.

Strong XSS Protection

It automatically removes dangerous scripts and harmful attributes to protect your site from Cross-Site Scripting (XSS) attacks.

Compatible with Frontend Frameworks

DOMPurify works seamlessly with popular JavaScript frameworks like React, Vue, and Angular, making it easy to integrate into any project.

Easy to Use and Customize

You don’t need complex setup. With just one line, you can sanitize user input, and you can also fine-tune what HTML tags and attributes are allowed.

Actively Maintained

DOMPurify is open-source, regularly updated, and trusted by developers and companies worldwide, ensuring long-term support and reliability.

Fast and Lightweight

DOMPurify is built for speed. It processes and cleans HTML quickly without slowing down your website or app, even when handling large content.

Downloading

If you want to keep everything on your own computer or server (offline usage), you can download the file manually.

  • Go to the official GitHub repository:
    https://github.com/cure53/DOMPurify
  • On the GitHub page:
      • Click the green “Code” button.
      • Choose “Download ZIP”.
  • Extract the ZIP file to your desired folder.
  • Inside the extracted folder, you’ll find a file called purify.min.js in the dist directory.
    This is the file you will use in your project.

Frequently Asked Questions (FAQs)

DOMPurify is a tool that cleans up HTML to make sure it doesn’t contain harmful code (such as malicious JavaScript used in XSS attacks).

Not always. If you’re using a CDN (Content Delivery Network), you don’t need to install or download anything — just link to it. But if you want to use it offline, then manual download is required.

You can download it from:
GitHub: https://github.com/cure53/DOMPurify
CDN sites like: https://cdnjs.com/libraries/dompurify

When you download DOMPurify, go to the dist folder and use:

  • purify.min.js → This is the main file used for secure HTML cleaning. It’s already optimized and ready to use.

Yes, DOMPurify is 100% free and open-source. You can use it in personal, commercial, or educational projects without paying anything.

Yes. If you download the DOMPurify JavaScript file and include it in your website folder, it works without an internet connection. Ideal for secure environments or local development.

Yes — at least for setup. You can add the file to your site or link via CDN without deep coding knowledge. But using it effectively (sanitizing content) requires some basic scripting, which a developer can help with.

Absolutely. In fact, it is designed to improve website safety. It blocks harmful code from being displayed or executed, making your website more secure for users.

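If you use it through a CDN, it can automatically stay updated when you use a version like latest. Keep in mind that an unpinned URL means the script your site loads can change without you reviewing it, and it cannot be protected with a Subresource Integrity (SRI) hash, because the hash changes with every release. If you download it manually, you’ll need to check for updates on the GitHub page and replace the old file yourself.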

Yes. DOMPurify works smoothly on mobile-friendly websites because it runs in the browser. It supports all modern mobile browsers like Chrome, Safari, and Firefox.

DOMPurify is very lightweight. The minified version (purify.min.js) is typically less than 30 KB, making it fast to load and efficient for all websites, even with slower internet.

Yes. If you added it manually, just delete the DOMPurify file from your folder. If you used a CDN, simply remove the link from your HTML file. It will no longer run on your website.

No, there is no installer or wizard. DOMPurify is a JavaScript file. You either download it manually or add a CDN link. There’s no software to install on your computer.

Yes, but you may need a developer’s help to integrate it properly with platforms like WordPress, Joomla, or Drupal. Some plugins also include built-in sanitizers that use similar tools.

DOMPurify is developed and maintained by a team of security experts from Cure53, a well-known cybersecurity company. It’s also open-source, so many developers around the world contribute to keeping it secure and updated.