Sanitize PDF
Remove hidden data and personal information from your PDF files - 100% client-side
Remove potentially dangerous content from PDF files — JavaScript, embedded files, launch actions, and hidden metadata — before opening or distributing untrusted documents. Sanitization runs entirely in your browser.
PDF Sanitization: Removing Malicious and Hidden Content for Security
PDF is a complex format that can carry many types of active content beyond static text and images: JavaScript for form calculations and automatic actions, launch actions that execute external applications, URI actions that make HTTP requests, embedded files (including executable attachments), named JavaScript that runs on document open, and digital rights management actions. While most of these features have legitimate uses, they are also attack vectors — malicious PDFs have historically exploited PDF reader vulnerabilities through JavaScript, triggered unauthorized network requests, and installed malware through launch actions.
PDF sanitization systematically removes or neutralizes these active content types, producing a 'clean' version of the document containing only static presentational content: text, images, vector graphics, and passive annotations. The result is safe to open in any environment, forward to external parties, and index in document management systems without risk of active content execution.
Beyond active content, sanitization also removes metadata that could expose internal information: the Creator field revealing authoring software, revision history, embedded thumbnails with hidden drafts, and XMP properties containing internal IDs or workflow status.
Sanitize PDFs received from unknown senders
Remove all active content from external PDFs before opening them in secure environments or forwarding internally.
Prepare PDFs for compliance archiving
Strip JavaScript and embedded files from PDFs before ingesting them into document archives that prohibit active content.
Clean PDFs before public distribution
Remove internal metadata, revision history, and author information from documents before publishing them externally.
Secure email forwarding of external documents
Sanitize PDFs received from third parties before forwarding to prevent active content reaching sensitive internal recipients.
- 1
Upload the PDF to sanitize
Select the PDF file you want to clean. The tool will scan and report all active content and metadata types found in the document.
- 2
Review detected content
See a summary of JavaScript blocks, embedded files, external URI actions, launch actions, and metadata fields found — so you know exactly what will be removed.
- 3
Apply sanitization and download
Click Sanitize PDF to remove all detected active content and metadata, then download the clean static-only output PDF.
JavaScript removal
Strips all embedded JavaScript (document-level, form-level, and action-level) that could exploit reader vulnerabilities or perform unauthorized actions.
Embedded file extraction and removal
Detects and removes embedded file attachments that could contain executables or malware payload files.
Active action neutralization
Removes launch actions, URI actions, named actions, and other triggers that could execute code or make network requests.
Metadata and internal data scrubbing
Clears Document Info fields, XMP metadata, revision history thumbnails, and comments that contain sensitive internal information.
Found this tool useful?
Share your experience and help others discover it.