
baddiservices/safehtml
======================

The Safe HTML package helps prevent XSS vulnerabilities in HTML content.

v0.0.8 (3y ago) | MIT | PHP >=7.4 | Since Apr 28 | Pushed 3y ago

[Source](https://github.com/5baddi/safe-html) | [Packagist](https://packagist.org/packages/baddiservices/safehtml)

Safe HTML
=========


The Safe HTML package helps prevent XSS vulnerabilities in HTML content.

---

Installation
------------


Use [Composer](https://getcomposer.org/) to install the package:

```
$ composer require baddiservices/safehtml
```

Examples
--------


Check whether the input is HTML:

```
// ... (other imports omitted)

use BADDIServices\SafeHTML\SafeHTML;

class DemoController extends Controller
{
    /** @var SafeHTML **/
    private $safeHTML;

    // The SafeHTML instance is injected through the constructor
    public function __construct(SafeHTML $safeHTML)
    {
        $this->safeHTML = $safeHTML;
    }

    public function IndexAction(Request $request)
    {
        $htmlContent = $request->input("content");
        // validate() is a SafeHTML method, so call it on the injected instance
        if ($this->safeHTML->validate($htmlContent)) {
            // TODO: is valid HTML continue the process
        }
    }
}
```

Sanitize HTML content to prevent XSS:

```
// ...

$sanitizedHTML = $safeHTML->sanitizeHTML($content);
```

Sanitize plain text to prevent XSS:

```
// ...

$sanitizedText = $safeHTML->sanitize($text);
```

Sanitize a link to prevent XSS:

```
// ...

$sanitizedURL = $safeHTML->sanitizeURL($url);
```

Available methods
-----------------


| Method | Description |
| --- | --- |
| `validate($value)` | Verify text is HTML |
| `sanitize($value)` | Sanitize text to prevent HTML tags |
| `sanitizeAll($values)` | Sanitize array of texts to prevent HTML tags |
| `sanitizeHTML($value)` | Sanitize HTML to prevent XSS vulnerability |
| `encodeEntities($value)` | Encode special characters to HTML entities |
| `decodeEntities($value)` | Decode HTML entities to their corresponding characters |
| `setBlackListPath($blackListPath)` | Set a custom path of the blacklist json file |
| `getEncoding()` | Get characters encoding |
| `setEncoding($encodage)` | Set characters encoding |

Blacklist file example
----------------------


You can check the [blacklist](./src/blacklist.json) used by default. A blacklist file has the following structure:

```
{
    "tags": {
        "not-allowed": [],
        "not-allowed-empty": []
    },
    "attributes": {
        "not-allowed": []
    }
}
```

Exceptions
----------


| Name | Code | Description |
| --- | --- | --- |
| [BlackListNotLoadedException](./src/Exceptions/BlackListNotLoadedException.php) | 11 | Failed to load blacklist file |

Contribute
----------


Contributions to the package are always welcome!

- Report any bugs or issues you find.
- Clone the source code and submit your pull request.

### Health Score

24 (Low). Better than 32% of packages.

- Maintenance: 20. Infrequent updates, may be unmaintained.
- Popularity: 13. Limited adoption so far.
- Community: 6. Small or concentrated contributor base.
- Maturity: 47. Maturing project, gaining track record.
- Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure.

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~55 days (recently: every ~36 days)
- Total: 8
- Last Release: 1459d ago

PHP version history (3 changes):

- v0.0.1: PHP ^7.4|^8.0
- v0.0.2: PHP ^8.0
- v0.0.8: PHP >=7.4

### Community

Maintainers: [5baddi](/maintainers/5baddi)

Top Contributors: [5baddi](https://github.com/5baddi) (62 commits)

Tags: package, php, wysiwyg-xss, xss-vulnerability

###  Code Quality

Tests: PHPUnit

