Skip to content
An implementation of PHP's strip_tags in Node.js
Branch: master
Clone or download
Latest commit 27a5dd9 Sep 22, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Add IE11 support using minimal polyfill Aug 26, 2017
test Fix AMD bindings and fix AMD test. Feb 5, 2017
.gitignore Update mocha version and rewrite tests. Feb 1, 2017
.travis.yml Ensure .travis.yml tests Node version 4+ Jan 18, 2017
LICENSE Bump the LICENSE year. Jan 18, 2017 Update example output Sep 22, 2018
bower.json Add bower.json Apr 24, 2016
index.d.ts add typings Nov 30, 2017
package.json v3.1.1 Dec 2, 2017

striptags Build Status

An implementation of PHP's strip_tags in Node.js.

Note: v3+ targets ES6, and is therefore incompatible with the master branch of uglifyjs. You can either:

  • use babili, which supports ES6
  • use the harmony branch of uglifyjs
  • stick with the 2.x.x branch


  • Fast
  • Zero dependencies
  • 100% test code coverage
  • No unsafe regular expressions


npm install striptags

Basic Usage

striptags(html, allowed_tags, tag_replacement);


var striptags = require('striptags');

var html =
    '<a href="">' +
        'lorem ipsum <strong>dolor</strong> <em>sit</em> amet' +

striptags(html, '<strong>');
striptags(html, ['a']);
striptags(html, [], '\n');


'lorem ipsum dolor sit amet'
lorem ipsum <strong>dolor</strong> sit amet'
'<a href="">lorem ipsum dolor sit amet</a>'
lorem ipsum 

Streaming Mode

striptags can also operate in streaming mode. Simply call init_streaming_mode to get back a function that accepts HTML and outputs stripped HTML. State is saved between calls so that partial HTML can be safely passed in.

let stream_function = striptags.init_streaming_mode(

let partial_text = stream_function(partial_html);
let more_text    = stream_function(more_html);

Check out test/striptags-test.js for a concrete example.


You can run tests (powered by mocha) locally via:

npm test

Generate test coverage (powered by istanbul) via :

npm run coverage

Doesn't use regular expressions

striptags does not use any regular expressions for stripping HTML tags.

Regular expressions are not capable of preventing all possible scripting attacks (see this). Here is a great StackOverflow answer regarding how strip_tags (when used without specifying allowableTags) is not vulnerable to scripting attacks.

You can’t perform that action at this time.