Jump to a tool

Security

Local processing with sensible safeguards.

PasteTidy minimizes data exposure, but you should still treat every browser and device as part of your security boundary.

Built-in safeguards

  • No server endpoints accept tool input
  • No user-supplied JavaScript is executed
  • Untrusted text is written into textarea values, never injected as HTML
  • Download names are fixed by the tool instead of derived from pasted text
  • Regular expressions are length-limited and checked for common nested repetition risks
  • Large processing jobs move to a Web Worker so the main interface remains responsive

Be careful with secrets

Even though PasteTidy processes content locally, avoid pasting passwords, private keys, production access tokens, recovery codes, or highly sensitive personal data into any website. Browser extensions, compromised devices, screen sharing, and local malware are outside this application’s control.

Regular-expression limits

Regular-expression mode is intended for short, understandable patterns. PasteTidy rejects patterns that show common signs of catastrophic backtracking and caps regex input size, but no heuristic can prove that every expression is inexpensive.

Hosting and transport

The production site uses HTTPS, a restrictive Content Security Policy, clickjacking protection, MIME sniffing protection, a privacy-preserving referrer policy, and a limited browser permissions policy. Because the application is static, it does not require database credentials, API keys, or server-side secrets.