The Sanitizer API aims to build an HTML sanitizer directly into the web platform, with the goal of making it easier to build XSS-free web applications. Its intended contributions are: making a sanitizer more easily accessible to web developers; being easy to use and safe by default; and shifting part of the maintenance burden from application authors to the platform.

Motivation

User input sanitization is a necessary and common activity of many web applications, but it is difficult to get right. As a component of the web platform, the sanitizer implementation is easier to harden and keep up to date. Offering a high-quality sanitizer with good defaults (without preventing developers from using their own, if they choose) would improve security and make safe sanitization more accessible.
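To make the "difficult to get right" claim concrete, here is an added example that is not from the Chrome Platform Status page or the Sanitizer API specification: a hypothetical hand-rolled blocklist sanitizer (naiveSanitize), of the kind the page argues against, run against a few constructed payloads. The payloads, the sanitizer and the DANGER_MARKERS heuristic are all assumptions made for illustration; the heuristic only checks for the markers these payloads carry and is not itself a sanitizer.

```javascript
// Added example, not code from the page or the Sanitizer API spec.
// A hypothetical hand-rolled sanitizer: removes <script>...</script> blocks and
// neutralises "on*" event-handler attributes that are preceded by whitespace.
function naiveSanitize(html) {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '')
    .replace(/\son\w+\s*=/gi, ' data-removed=');
}

// Markers of executable content that matter for the constructed payloads below
// (assumption for this demo; deliberately not a general-purpose check).
const DANGER_MARKERS = [
  /[\s"'/]on\w+\s*=/i, // an event-handler attribute in attribute position
  /javascript\s*:/i,   // a javascript: URL in href/src/data/formaction
  /<script\b/i,        // a script start tag that survived
];

function isStillDangerous(html) {
  return DANGER_MARKERS.some((re) => re.test(html));
}

// Constructed payloads (test data, not taken from the page).
const PAYLOADS = [
  '<script>alert(1)</script>',               // caught: plain script block
  '<img src=x onerror=alert(1)>',            // caught: whitespace before the handler
  '<img src="x"/onerror=alert(1)>',          // survives: "/" separates attributes, so no whitespace
  '<a href="javascript:alert(1)">click</a>', // survives: URL schemes are never checked
  '<script>alert(1)</script >',              // survives: "</script >" is a valid end tag, regex wants "</script>"
];

// Returns the payloads that still carry executable content after naiveSanitize.
function survivingPayloads(payloads = PAYLOADS) {
  return payloads.filter((p) => isStillDangerous(naiveSanitize(p)));
}

console.log(survivingPayloads()); // three of the five payloads get through
```

Three of the five payloads pass through untouched because the blocklist reasons about strings rather than about how the HTML parser tokenises them; every new separator, scheme or tag variant becomes a maintenance item for the application author. That maintenance burden is exactly what the page proposes to move into the platform's sanitizer.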

Specification

Editor's draft

Status in Chromium

Blink>SecurityFeature

In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owners

Last updated on 2021-03-18