Standards compliant HTML filter written in PHP
PHP HTML XSLT CSS JavaScript Shell
Latest commit 65d5cde Mar 22, 2017 @ezyang committed on GitHub Merge pull request #130 from Izumi-kun/lexer-create-fix
Autoloading must be skipped while checking for php builtin class.
Permalink
Failed to load latest commit information.
art [2.0.1] Implement haphazard error collection for AttrValidator. Jun 27, 2007
benchmarks Don't use PHP4-style constructors Mar 17, 2016
configdoc Release 4.9.2 Mar 13, 2017
docs tel protocol support. Jul 1, 2016
extras PSR-2 reformatting PHPDoc corrections Aug 18, 2013
library Autoloading must be skipped while checking for php builtin class. Mar 20, 2017
maintenance Release 4.7.0. Aug 5, 2015
plugins PSR-2 reformatting PHPDoc corrections Aug 18, 2013
smoketests New smoketest for testing configuration HTML form. Jul 1, 2016
tests Add tests for new entity decoding codepath. Mar 13, 2017
.gitattributes export-ignore .travis.yml Jan 19, 2017
.gitignore Improve gitignore. Oct 13, 2013
.travis.yml Turn on 5.3 Travis testing. Mar 9, 2017
CREDITS Add vim modelines to all files. Dec 6, 2008
Doxyfile Release 4.9.2 Mar 13, 2017
INSTALL Don't suggest 777, only 775. Mar 27, 2016
INSTALL.fr.utf8 Remove BOM from file INSTALL.fr.utf8 It's only one file with BOM amon… Mar 25, 2016
LICENSE Add vim modelines to all files. Dec 6, 2008
NEWS Release 4.9.2 Mar 13, 2017
README.md [ci skip] Add a Travis build badge. Oct 27, 2016
TODO Release 4.8.0 Jul 16, 2016
VERSION Release 4.9.2 Mar 13, 2017
WHATSNEW Release 4.9.2 Mar 13, 2017
WYSIWYG Add vim modelines to all files. Dec 6, 2008
composer.json css properties: min-width, max-width, min-height, max-height Sep 5, 2016
package.php Add doxygen doc scripts, and fix package.php Jul 9, 2009
phpdoc.ini Add vim modelines to all files. Dec 6, 2008
release1-update.php Add vim modelines to all files. Dec 6, 2008
release2-tag.php Add vim modelines to all files. Dec 6, 2008
test-settings.sample.php Update to work with Git version of SimpleTest. Mar 24, 2016
test-settings.travis.php Travis support. Oct 27, 2016

README.md

HTML Purifier Build Status

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

Places to go:

  • See INSTALL for a quick installation guide
  • See docs/ for developer-oriented documentation, code examples and an in-depth installation guide.
  • See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/

Installation

Package available on Composer.

If you're using Composer to manage dependencies, you can use

$ composer require "ezyang/htmlpurifier": "dev-master"