Hack me

The aim of this page is to test the robustness of our HTML sanitization procedure; we filter and allow a limited set of HTML tags, those listed here. You win if you manage to show a JavaScript alert on this page: you can write any contents whatever in the text area to test the procedure. Good luck!

The sources of the sanitization procedure are in Java and are available here under MIT license (i.e. completely free, just keep the attribution). There is also a blog post by Roberto Bicchierai (the main author of the code) detailing the ideas behind this sanitizer.

There is also a C# porting available here written by Beyers Cronje under the same license.


Your input sanitized:

C'mon.... try harder!
sanitizerhtml outputsource
.html Write your test here.
.text Write your test here.
.val It is not SAFE to print "sanitizer.val"

N.B. Note that if your script simply gets printed, you are not winning. For suggestion write us.