Skip to content

HTML Cleaner

Normalize an HTML fragment through the browser parser and optionally remove comment nodes without previewing or executing the result.

Privacy: your files never leave your device. All processing happens locally in your browser.

How to use

  1. 1.Paste an HTML fragment or document and decide whether Comment nodes should be removed.
  2. 2.Normalize, then review the body-only text output and the comment-removal count without executing it.
  3. 3.Copy the complete result only after deciding whether the destination also requires a real HTML sanitizer.

About HTML Cleaner

HTML Cleaner is a browser normalization and formatting aid, not a security sanitizer. Paste an HTML fragment or full document, choose whether to remove HTML comment nodes, and normalize it through DOMParser in text/html mode. The result is serialized from the parsed document body's innerHTML and displayed only in a read-only text area. The tool never inserts the normalized markup into the visible page, renders a live preview, executes parsed scripts, or uploads the input to Lizely. DOMParser documents have no browsing context and do not run scripts during parsing, but browsers may still download resources referenced by parsed iframe or img elements. Avoid pasting sensitive HTML containing remote resource URLs if those requests would disclose information to another host.

The browser HTML parser is deliberately forgiving. It can lowercase element names, quote attributes, insert implied elements such as tbody, repair some missing closing tags, and rearrange markup according to HTML tree-construction rules. Malformed HTML is therefore commonly repaired rather than rejected with an XML-style parser error. The tool reports parser API exceptions, missing body output, or invalid parser results, but it does not claim to be a strict HTML validator or promise that recovered structure matches the author's original intention.

Serialization is intentionally scoped to body.innerHTML. A complete input document may contain doctype, html, head, title, meta, link, style, and body sections, but the returned text contains only the parsed body's child markup. Doctype and the document shell are not copied. Head-only metadata is outside the output unless the HTML parser moves a particular token into the body under its standard recovery rules. Use a document-aware editor when the complete page shell must be preserved.

Comment removal is the only optional deletion rule. When enabled, the tool walks the parsed body and removes Comment nodes before serialization. When disabled, comments remain. It does not remove scripts, styles, iframes, forms, SVG, MathML, event-handler attributes, javascript URLs, remote URLs, inline CSS, data attributes, IDs, classes, or unknown elements. It does not rewrite URL schemes, enforce a content policy, or apply an allowlist.

That distinction matters for security. A result containing script or an onerror attribute remains dangerous if another application later injects it into a live page. DOMParser creates a separate document with scripting disabled, and this interface keeps the serialized result in a textarea, but copying the output into innerHTML, a CMS, an email template, or another execution context can activate behavior there. Use a maintained sanitizer configured for the destination context when processing untrusted HTML.

Input may contain at most 500,000 UTF-16 code units, and normalized output may contain at most 1,000,000. The raw input limit is checked before parsing. The complete body serialization is measured before a result is returned. Exact boundaries are accepted; boundary-plus-one values fail with explicit messages. Nothing is sliced, sampled, partially serialized, or silently switched to a different cleanup policy. An empty body after parsing or comment removal is a valid zero-length output.

HTML normalization is not a conventional pretty printer. DOMParser and innerHTML produce canonical browser serialization but do not promise indentation, line wrapping, attribute sorting, source whitespace preservation, or stable byte-for-byte output across every browser version. Text inside pre, textarea, script, and style follows HTML parsing rules and is not reformatted by a custom lexical pass. This avoids a naive formatter accidentally splitting raw-text content or changing DOM meaning.

Editing the input or changing the comment option immediately clears the previous result, error, statistics, copy status, and copy timer. Clipboard completion uses a generation number and mounted-state guard, so a late permission response from an older copy attempt cannot restore stale status after an edit, retry, or unmount. A denied clipboard request leaves the complete read-only output available for manual selection.

The WHATWG HTML Living Standard defines text/html tokenization and tree construction. MDN documents DOMParser's disabled-script behavior, possible iframe and img downloads, and the risk of later injecting parsed markup into an active DOM. MDN's innerHTML reference documents fragment serialization and related injection risks. Nine standard-authored fixtures cover tag and attribute normalization, missing close-tag repair, body-only scope, comment removal and retention, template content, deliberate preservation of script and event attributes, and table normalization.

Use this tool when you want to see how a browser normalizes a fragment, remove comments from otherwise unchanged parsed structure, or prepare body markup for manual review. Do not use it to validate standards conformance, secure user input, preserve a full document, beautify indentation, minify source, guarantee cross-browser byte identity, or prove that copied output is safe to publish.

Methodology & sources

Reject empty input and raw text above 500,000 UTF-16 code units before calling the parser. Parse with DOMParser using text/html, require a body, optionally remove only Comment nodes by traversing the body and nested template DocumentFragments, then serialize body.innerHTML. Validate the complete result at or below 1,000,000 code units before exposing it. Render output only through a controlled read-only textarea; never use innerHTML or a live preview. Disclose that scripting is disabled but DOMParser may still download resources referenced by iframe or img elements. Invalidate output and generation-guarded clipboard state on every edit or option change.

Frequently asked questions

Does this make untrusted HTML safe?
No. Scripts, event attributes, URLs, iframes, styles, and other active markup are preserved. Use a destination-aware sanitizer for untrusted content.
Why did malformed HTML produce output instead of an error?
The browser text/html parser is forgiving and repairs many syntax problems. This tool is not a strict validator.
Why are head and doctype missing?
The output scope is body.innerHTML, so the document shell and head-only metadata are intentionally outside the result.
Is the normalized HTML previewed or executed?
It is placed only in a read-only textarea, and parsed scripts do not run. No live HTML preview is created. However, the browser may still download resources referenced by iframe or img elements while DOMParser builds its separate document.

Developer Tools guides

View all