DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG (github, page, npm).

It is also very simple to use and get started with. DOMPurify was started in February 2014 and has since reached version 2.3.0.

You can check the results online here: https://cure53.de/purify

My explorations show that it is possible to sanitise SVGs, removing JavaScript while retaining basic URL links in the same SVG. The package is highly configurable.

# Code

DOMPurify is written in JavaScript and works in all modern browsers (Safari (10+), Opera (15+), Internet Explorer (10+), Edge, Firefox and Chrome, as well as almost anything else using Blink or WebKit). It doesn't break on MSIE6 or other legacy browsers: it either uses a fallback or simply does nothing.

Automated tests currently cover 17 different browsers, with more to come. We also cover Node.js v14.15.1 and v15.4.0, running DOMPurify on jsdom. Older Node.js versions are known to work as well.

DOMPurify is written by security people who have a vast background in web attacks and XSS. Fear not. For more details please also read about our Security Goals & Threat Model. Please, read it. Like, really.