HTML Purifier is a standards-compliant HTML filter library written in PHP.


This bundle integrates HTMLPurifier into Symfony2.


Submodule Creation

Add HTMLPurifier and this bundle to your vendor/ directory:

$ git submodule add git:// vendor/bundles/Exercise/HTMLPurifierBundle
$ git submodule add git:// vendor/htmlpurifier

Class Autoloading

Register "HTMLPurifier" and the "Exercise" namespace prefix in your project's autoload.php:

# app/autoload.php

$loader->registerNamespaces(array(
    'Exercise' => __DIR__.'/../vendor/bundles',
));

$loader->registerPrefixes(array(
    'HTMLPurifier' => __DIR__.'/../vendor/htmlpurifier/library',
));

Application Kernel

Add HTMLPurifierBundle to the registerBundles() method of your application kernel:

# app/AppKernel.php

public function registerBundles()
{
    return array(
        // ...
        new Exercise\HTMLPurifierBundle\ExerciseHTMLPurifierBundle(),
        // ...
    );
}


If you do not explicitly configure this bundle, an HTMLPurifier service will be defined as exercise_html_purifier.default. This behavior is the same as if you had specified the following configuration:

# app/config.yml

exercise_html_purifier:
    default:
        Cache.SerializerPath: '%kernel.cache_dir%/htmlpurifier'

The default profile is special in that it is used as the configuration for the exercise_html_purifier.default service as well as the base configuration for other profiles you might define.

# app/config.yml

exercise_html_purifier:
    default:
        Cache.SerializerPath: '%kernel.cache_dir%/htmlpurifier'
    custom:
        Core.Encoding: 'ISO-8859-1'

In this example, an exercise_html_purifier.custom service will also be defined, which includes both the cache and encoding options. Available configuration options may be found in HTMLPurifier's configuration documentation.

Note: If you define a default profile but omit Cache.SerializerPath, it will still default to the path above. You can specify a value of null for the option to suppress the default path.

Cache Warming

When a path is supplied for HTMLPurifier's Cache.SerializerPath configuration option, an error is raised if the directory is not writable. This bundle defines a cache warmer service that will collect all Cache.SerializerPath options and ensure those directories exist and are writeable.

Form Data Transformer

This bundle provides a data transformer class for filtering form fields with HTMLPurifier. Purification is done during the reverseTransform() method, which means that client data will be filtered during binding to the form.

The following example demonstrates one possible way to integrate an HTMLPurifier transformer into a form by way of a custom field type:


<?php

namespace Acme\MainBundle\Form\Type;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\DataTransformerInterface;
use Symfony\Component\Form\FormBuilder;

class PurifiedTextareaType extends AbstractType
{
    private $purifierTransformer;

    public function __construct(DataTransformerInterface $purifierTransformer)
    {
        $this->purifierTransformer = $purifierTransformer;
    }

    public function buildForm(FormBuilder $builder, array $options)
    {
        // Filter client-submitted data through HTMLPurifier during binding
        $builder->appendClientTransformer($this->purifierTransformer);
    }

    public function getParent(array $options)
    {
        return 'textarea';
    }

    public function getName()
    {
        return 'purified_textarea';
    }
}

Additionally, we can define both the field type and transformer in the service container:

<services>
    <service id="acme.form.type.purified_textarea" class="Acme\MainBundle\Form\Type\PurifiedTextareaType">
        <argument type="service" id="acme.form.transformer.html_purifier" />
        <tag name="form.type" alias="purified_textarea" />
    </service>

    <service id="acme.form.transformer.html_purifier" class="Exercise\HTMLPurifierBundle\Form\HTMLPurifierTransformer">
        <argument type="service" id="exercise_html_purifier.default" />
    </service>
</services>

Additional documentation on data transformers may be found in the Symfony2 documentation.
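
A sketch of a transformer that purifies in reverseTransform(), as this section describes, run against a constructed submission. This is an added example, not the bundle's HTMLPurifierTransformer source; the class name SketchPurifierTransformer and the sample input are assumptions, and it presumes the Symfony Form component and HTMLPurifier are autoloadable as set up above.

```php
<?php
// Added illustration; not the bundle's HTMLPurifierTransformer source.

use Symfony\Component\Form\DataTransformerInterface;

// Hypothetical class name chosen for this example.
class SketchPurifierTransformer implements DataTransformerInterface
{
    private $purifier;

    public function __construct(\HTMLPurifier $purifier)
    {
        $this->purifier = $purifier;
    }

    // Model -> view: stored data is handed to the form unchanged.
    public function transform($value)
    {
        return $value;
    }

    // View -> model: client-submitted markup is filtered here, so the
    // model only ever receives purified HTML.
    public function reverseTransform($value)
    {
        if (null === $value || '' === $value) {
            return $value; // nothing to purify for empty submissions
        }

        return $this->purifier->purify((string) $value);
    }
}

// Stand-alone run outside the form component, with a constructed submission.
$config = \HTMLPurifier_Config::createDefault();
// HTMLPurifier needs a writable cache directory; the temp dir is an assumption.
$config->set('Cache.SerializerPath', sys_get_temp_dir());

$transformer = new SketchPurifierTransformer(new \HTMLPurifier($config));

// Constructed sample input: an event-handler attribute and a script element.
$submitted = '<p onclick="alert(1)">Hello <script>alert(2)</script><b>world</b></p>';

echo $transformer->reverseTransform($submitted), "\n";
```

Because filtering happens only on the view-to-model path, data that reaches the model by any route other than form binding is not purified by the transformer.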

Twig Filter

This bundle registers a purify filter with Twig. Output from this filter is marked safe for HTML, much like Twig's built-in escapers. The filter may be used as follows:

{# Filters text's value through the "default" HTMLPurifier service #}
{{ text|purify }}

{# Filters text's value through the "custom" HTMLPurifier service #}
{{ text|purify('custom') }}