HTML Purifier

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

Places to go:

See INSTALL for a quick installation guide
See docs/ for developer-oriented documentation, code examples and an in-depth installation guide.
See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/

Installation

Package available on Composer.

If you're using Composer to manage dependencies, you can use

$ composer require ezyang/htmlpurifier

Name	Name	Last commit message	Last commit date
Latest commit bytestream feat: PHP 8.4 support (#441 ) Mar 19, 2025 ff005f6 · Mar 19, 2025 History 1,719 Commits
.github/workflows	.github/workflows	feat: PHP 8.4 support (#441 )	Mar 19, 2025
art	art	[2.0.1] Implement haphazard error collection for AttrValidator.	Jun 27, 2007
benchmarks	benchmarks	fix: non-substantive typos (#434 )	Jan 14, 2025
configdoc	configdoc	feat: PHP 8.4 support (#441 )	Mar 19, 2025
docs	docs	fix: non-substantive typos (#434 )	Jan 14, 2025
extras	extras	PHP 8.1: fix various deprecations/errors in newest version of PHP (#310 )	Apr 8, 2022
library	library	feat: PHP 8.4 support (#441 )	Mar 19, 2025
maintenance	maintenance	fix: non-substantive typos (#434 )	Jan 14, 2025
plugins	plugins	fix: non-substantive typos (#434 )	Jan 14, 2025
smoketests	smoketests	fix: non-substantive typos (#434 )	Jan 14, 2025
tests	tests	feat: PHP 8.4 support (#441 )	Mar 19, 2025
.gitattributes	.gitattributes	feat: add semantic release (#307 )	Sep 18, 2022
.gitignore	.gitignore	Improve gitignore.	Oct 13, 2013
CREDITS	CREDITS	Add vim modelines to all files.	Dec 6, 2008
Doxyfile	Doxyfile	chore(release): 4.18.0 [skip ci]	Nov 1, 2024
INSTALL	INSTALL	fix: non-substantive typos (#434 )	Jan 14, 2025
INSTALL.fr.utf8	INSTALL.fr.utf8	Update PHP version in INSTALL (#195 )	Oct 24, 2018
LICENSE	LICENSE	Add vim modelines to all files.	Dec 6, 2008
NEWS	NEWS	fix: non-substantive typos (#434 )	Jan 14, 2025
README.md	README.md	PHP 8 Support (#297 )	Jul 20, 2021
TODO	TODO	fix: non-substantive typos (#434 )	Jan 14, 2025
VERSION	VERSION	chore(release): 4.18.0 [skip ci]	Nov 1, 2024
WYSIWYG	WYSIWYG	Add vim modelines to all files.	Dec 6, 2008
composer.json	composer.json	fix: Support PHP 8.4 (#396 )	Feb 22, 2024
package.php	package.php	feat: add semantic release (#307 )	Sep 18, 2022
phpdoc.ini	phpdoc.ini	Add vim modelines to all files.	Dec 6, 2008
release.config.js	release.config.js	fix: semantic release (#341 )	Sep 20, 2022
test-settings.sample.php	test-settings.sample.php	Run CSSTidy tests on CI (#338 )	Sep 15, 2022
update-for-release	update-for-release	feat: add semantic release (#307 )	Sep 18, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

HTML Purifier

Installation

About

Releases 3

Packages

Used by 201k

Contributors 94

Languages

License

ezyang/htmlpurifier

Folders and files

Latest commit

History

Repository files navigation

HTML Purifier

Installation

About

Resources

License

Stars

Watchers

Forks

Releases 3

Packages 0

Used by 201k

Contributors 94

Languages

Packages