Test DOMPurify configs interactively. Paste HTML, pick a preset, and compare raw rendering (left) against DOMPurify.sanitize() output (right). All output is contained in sandboxed iframes so nothing escapes.
innerHTML:DOMPurify.sanitize():Probe-tagged HTML to deduce a target's DOMPurify config when you cannot see the source. Each probe carries id="P-..."; whichever ids and feature attributes survive the sanitiser tell you what is allowed. See dompurify-fingerprinting.md for the interpretation guide.
Configs lifted from popular open-source projects. Red border = this real-world config lets the example payload through. Green = the real-world config catches it. See dompurify-real-world-configs.md for sources.
Synthetic configs designed to isolate a single misconfig pattern. Every preset has been verified by running it through DOMPurify in Node - the description matches the actual sanitised output.