Fast, customizable JavaScript HTML sanitizer that runs entirely client-side (in the browser; no server actions required). This library can be used in OutSystems Web applications and in OutSystems Mobile applications, and it also works when the mobile application is offline.
Please note: client-side sanitizing is not a security boundary on its own, because anything running in the client can be bypassed. To prevent XSS attacks you should always sanitize input on the server too. Never trust the client!
The sanitizer uses a whitelisting (allow-list) approach, as opposed to blacklisting: every tag and attribute that is not explicitly allowed is removed, so new or unexpected markup is dropped by default rather than let through.
It uses the browser's own DOM parser: the untrusted HTML is loaded into an invisible, sandboxed iframe (hence the "front-end only" requirement) and the resulting DOM tree is walked and filtered. Reusing the browser's parser makes it much faster than "pure JavaScript" sanitizers that re-implement HTML parsing, and it avoids the round-trip of a server-side sanitizer.
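As an added example (not the Forge component's own code), the following shows the approach described above: let the browser parse the untrusted HTML, then walk the resulting DOM and keep only allow-listed tags, attributes and URL schemes. It uses `DOMParser`, which yields an inert document (scripts do not run and subresources are not fetched), instead of the sandboxed iframe the component uses; the allow-lists, the `DROP_CONTENT` set and the scheme list are illustrative choices, not the component's configuration. The policy helpers are plain JavaScript so they can be exercised outside a browser; `sanitizeHtml` itself needs a DOM.

```javascript
// Added example: allow-list HTML sanitizer on top of the browser's DOM parser.
// Not the Forge component's code; allow-lists below are illustrative assumptions.

const ALLOWED_TAGS = new Set(["a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "img"]);
const ALLOWED_ATTRS = { a: ["href", "title"], img: ["src", "alt"], "*": ["class"] };
const URL_ATTRS = new Set(["href", "src"]);
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);
// Disallowed elements whose *content* must go too (unwrapping them would leak
// script text, styles, or namespace-confusing svg/math markup back into the output).
const DROP_CONTENT = new Set(["script", "style", "iframe", "object", "embed", "noscript", "template", "svg", "math"]);

function isAllowedTag(tag) {
  return ALLOWED_TAGS.has(tag.toLowerCase());
}

function isAllowedAttr(tag, name) {
  name = name.toLowerCase();
  if (name.startsWith("on")) return false; // event handlers are never allowed, whatever the list says
  const perTag = ALLOWED_ATTRS[tag.toLowerCase()] || [];
  return perTag.includes(name) || ALLOWED_ATTRS["*"].includes(name);
}

// True for relative URLs and for absolute URLs whose scheme is allow-listed.
// Browsers ignore ASCII control characters and whitespace when parsing the
// scheme, so "java\tscript:" and " javascript:" are still javascript: URLs;
// normalize the same way before matching. The DOM has already decoded entities
// such as &#106;avascript: by the time an attribute value reaches this function.
function isSafeUrl(value) {
  const v = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const m = v.match(/^([a-z][a-z0-9+.-]*):/);
  if (!m) return true; // no scheme: relative URL
  return SAFE_SCHEMES.has(m[1]);
}

// Recursively filter a DOM subtree in place (requires a DOM; standard APIs only).
function sanitizeNode(node) {
  // Walk a snapshot: childNodes is live and we mutate it while iterating.
  for (const child of Array.from(node.childNodes)) {
    if (child.nodeType === 3) continue;                     // text: parser already made it inert
    if (child.nodeType !== 1) { child.remove(); continue; } // comments, processing instructions, ...
    const tag = child.tagName.toLowerCase();
    if (!isAllowedTag(tag)) {
      if (DROP_CONTENT.has(tag)) {
        child.remove();                                     // element and everything inside it
      } else {
        sanitizeNode(child);                                // unwrap: keep the (filtered) children
        child.replaceWith(...child.childNodes);
      }
      continue;
    }
    for (const attr of Array.from(child.attributes)) {
      const name = attr.name.toLowerCase();
      if (!isAllowedAttr(tag, name) || (URL_ATTRS.has(name) && !isSafeUrl(attr.value))) {
        child.removeAttribute(attr.name);
      }
    }
    sanitizeNode(child);
  }
}

// Browser entry point. DOMParser documents have scripting disabled and fetch no
// subresources, so parsing the dirty input is safe; the iframe approach in the
// description achieves the same isolation via the sandbox attribute.
function sanitizeHtml(dirty) {
  const doc = new DOMParser().parseFromString(dirty, "text/html");
  sanitizeNode(doc.body);
  return doc.body.innerHTML;
}

// Constructed sample input (hypothetical), only run where a DOM exists.
const SAMPLE = '<p onclick="alert(1)">Hi <b>there</b><script>alert(2)</script>' +
  '<a href="jav&#x09;ascript:alert(3)">x</a><a href="https://example.com">ok</a></p>';
if (typeof DOMParser !== "undefined") {
  console.log(sanitizeHtml(SAMPLE));
}
```

When the sanitized markup is later assigned to `innerHTML`, it is parsed a second time; keeping the allow-list small and dropping rather than unwrapping `svg`/`math` reduces the room for mutation (mXSS) differences between the two parses, but the server-side check mentioned on this page remains the real boundary.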
New icon