abacaphiliac/php-no-html
========================

Safely encode content for rendering in an HTML document.

0.2.0 (9y ago) · MIT · PHP >=5.4

[Source](https://github.com/abacaphiliac/php-no-html) · [Packagist](https://packagist.org/packages/abacaphiliac/php-no-html)

Description
-----------

Safely encode content for rendering in an HTML document.

Brief XSS Mitigation Guide
--------------------------

A quote from Paragon Initiative's blog:

1. If your framework has a templating engine that offers automatic contextual filtering, use that.
2. `echo htmlentities($string, ENT_QUOTES | ENT_HTML5, 'UTF-8');` is a safe and effective way to stop all XSS attacks on a UTF-8 encoded web page, but doesn't allow any HTML.
3. If your requirements allow you to use Markdown instead of HTML, don't use HTML.
4. If you need to allow some HTML and aren't using a templating engine (see #1), use HTML Purifier.
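
The following PHP snippet is an added example, not code from php-no-html or from the quoted blog. It shows why the `ENT_QUOTES` flag and the `'UTF-8'` argument in item 2 matter; `encodeForHtml()` and `hasMarkupChars()` are hypothetical helper names.

```php
<?php
// Added example; encodeForHtml() and hasMarkupChars() are hypothetical helpers,
// not functions provided by abacaphiliac/php-no-html.

function encodeForHtml($value)
{
    // ENT_QUOTES encodes both " and ', so the value cannot close an attribute
    // regardless of which quote style the template uses.
    // 'UTF-8' must match the charset the page is actually served with.
    return htmlentities((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function hasMarkupChars($encoded)
{
    // True if any character that can end an attribute or open a tag survived.
    return strpbrk($encoded, '<>"\'') !== false;
}

// The value used in the Usage section of this README.
$userName = 'Bob"/>alert(\'XSS\');';

// Weak setting: ENT_COMPAT encodes " but leaves ' untouched, so a value
// echoed into a single-quoted attribute can still terminate it.
$weak = htmlentities($userName, ENT_COMPAT | ENT_HTML5, 'UTF-8');

// Setting from item 2 of the guide.
$strong = encodeForHtml($userName);

printf("ENT_COMPAT output still has markup chars: %s\n",
    var_export(hasMarkupChars($weak), true));
printf("ENT_QUOTES output still has markup chars: %s\n",
    var_export(hasMarkupChars($strong), true));

// Failure mode (constructed input): a byte sequence that is not valid UTF-8.
// htmlentities() returns an empty string for it unless ENT_SUBSTITUTE or
// ENT_IGNORE is set, so a field can silently render blank.
$broken = "Bob\xC0";
printf("Invalid UTF-8 encodes to empty string: %s\n",
    var_export(encodeForHtml($broken) === '', true));

// With ENT_SUBSTITUTE the invalid byte becomes U+FFFD instead of blanking the value.
$substituted = htmlentities($broken, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
printf("With ENT_SUBSTITUTE the value is kept: %s\n",
    var_export($substituted !== '', true));
```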

Installation
------------

```
composer require abacaphiliac/php-no-html
```

Usage
-----

The following code is an example of an XSS exploit:

```
<?php
// Untrusted input: contains a double quote and a tag-closing sequence.
$userName = 'Bob"/>alert(\'XSS\');';
?>
