Skip to content
Standards compliant HTML filter written in PHP
PHP HTML Other
Branch: master
Clone or download
snapshotpl and ezyang Add support for PHP 7.4 (#230)
* Add php7.4

* 7.4 cannot fail

* Disallow failures
Latest commit c6ca293 Sep 11, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
art [2.0.1] Implement haphazard error collection for AttrValidator. Jun 27, 2007
benchmarks .htaccess support apache 2.4+ (#190) Nov 11, 2018
configdoc Supported hundreds of nested HTML (#202) Jul 14, 2019
docs Supported hundreds of nested HTML (#202) Jul 14, 2019
extras Quarantine __autoload defs for PHP 7.2 compat Dec 30, 2017
library Fix DOM Lexer for PHP versions older than 5.4 (#225) Aug 9, 2019
maintenance Replace flush.php with a shell script, to appease #192 Nov 11, 2018
plugins Supported hundreds of nested HTML (#202) Jul 14, 2019
smoketests Mod: using stdClass instead of stdclass Jun 2, 2017
tests Method purifyArray() updated (#143) Jul 14, 2019
.gitattributes export-ignore .travis.yml Jan 19, 2017
.gitignore Improve gitignore. Oct 13, 2013
.travis.yml Add support for PHP 7.4 (#230) Sep 12, 2019
CREDITS Add vim modelines to all files. Dec 6, 2008
Doxyfile Release 4.10.0 Feb 23, 2018
INSTALL Delete references to PHP 5.1 in INSTALL. Nov 11, 2018
INSTALL.fr.utf8 Update PHP version in INSTALL (#195) Oct 24, 2018
LICENSE Add vim modelines to all files. Dec 6, 2008
NEWS Supported hundreds of nested HTML (#202) Jul 14, 2019
README.md Suggest stable Composer installation (#179) Jun 10, 2018
TODO Release 4.8.0 Jul 16, 2016
VERSION Release 4.10.0 Feb 23, 2018
WHATSNEW Fix SPDX identifier Feb 23, 2018
WYSIWYG Add vim modelines to all files. Dec 6, 2008
composer.json Adds PHP 7.3 to Travis (#214) Jul 14, 2019
package.php Add doxygen doc scripts, and fix package.php Jul 9, 2009
phpdoc.ini Add vim modelines to all files. Dec 6, 2008
test-settings.sample.php Update to work with Git version of SimpleTest. Mar 24, 2016
test-settings.travis.php Travis support. Oct 27, 2016
update-for-release Remove php extension from release1-update script, to appease #192 Nov 11, 2018

README.md

HTML Purifier Build Status

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

Places to go:

  • See INSTALL for a quick installation guide
  • See docs/ for developer-oriented documentation, code examples and an in-depth installation guide.
  • See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/

Installation

Package available on Composer.

If you're using Composer to manage dependencies, you can use

$ composer require ezyang/htmlpurifier
You can’t perform that action at this time.