PHPackages                             carlos-andres/nova-html-field - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. carlos-andres/nova-html-field

ActiveLibrary[Validation &amp; Sanitization](/categories/validation)

carlos-andres/nova-html-field
=============================

A Laravel Nova field for rendering HTML content with XSS protection

v1.0.0(5mo ago)012MITPHPPHP ^8.1

Since Feb 1Pushed 5mo agoCompare

[ Source](https://github.com/carlos-andres/nova-html-field)[ Packagist](https://packagist.org/packages/carlos-andres/nova-html-field)[ RSS](/packages/carlos-andres-nova-html-field/feed)WikiDiscussions main Synced today

READMEChangelog (1)Dependencies (5)Versions (2)Used By (0)

Nova HTML Field
===============

[](#nova-html-field)

[![Latest Version on Packagist](https://camo.githubusercontent.com/77ccecf2e994562b15d1226a580479e7c9a052e9f2017f97f5971ba869b291de/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6361726c6f732d616e647265732f6e6f76612d68746d6c2d6669656c642e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/carlos-andres/nova-html-field)[![Total Downloads](https://camo.githubusercontent.com/81c1621ea2d2db66562ef480c48ec7cc6b541766e66fc3d9fbe216cd18c9b673/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6361726c6f732d616e647265732f6e6f76612d68746d6c2d6669656c642e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/carlos-andres/nova-html-field)

A Laravel Nova 4/5 field for rendering HTML content with built-in XSS protection via HTMLPurifier.

Features
--------

[](#features)

- **XSS Protection** - HTMLPurifier sanitization enabled by default
- **Dynamic Content** - Resolve HTML from model attributes or closures
- **Inline Styles** - Full support for inline CSS styling
- **View Control** - Standard Nova visibility methods
- **Conditional Display** - Show/hide based on request conditions

Requirements
------------

[](#requirements)

- PHP 8.1+
- Laravel 10+
- Nova 4+ or Nova 5+

Installation
------------

[](#installation)

```
composer require carlos-andres/nova-html-field
```

No build step required - works out of the box.

Quick Start
-----------

[](#quick-start)

```
use Vendor\NovaHtmlField\HtmlField;

// Static content
HtmlField::make('Notice')
    ->content('Settings saved successfully');

// Dynamic from model
HtmlField::make('Preview')
    ->html(fn ($model) => ''.e($model->title).'');

// From model attribute
HtmlField::make('Description', 'html_content');
```

Usage
-----

[](#usage)

### Static HTML with `content()`

[](#static-html-with-content)

```
HtmlField::make('Info Banner')
    ->content('

                Configuration

                Manage your settings below

    ')
    ->onlyOnForms();
```

### Dynamic Content with `html()`

[](#dynamic-content-with-html)

```
// Status badge that changes based on model state
HtmlField::make('Status')
    ->html(fn ($model) => '

            '.($model->is_active ? 'Active' : 'Inactive').'

    ')
    ->onlyOnIndex();

// Image preview
HtmlField::make('Thumbnail')
    ->html(fn ($model) => $model->image_url
        ? ''
        : 'No image'
    );
```

### From Model Attribute

[](#from-model-attribute)

```
// Direct attribute (sanitized automatically)
HtmlField::make('Body', 'html_content');

// With transform callback
HtmlField::make('Formatted', 'raw_content', function ($value) {
    return ''.e($value).'';
});
```

### View Visibility

[](#view-visibility)

```
HtmlField::make('Details')
    ->content('Only visible on detail view')
    ->onlyOnDetail();

HtmlField::make('Summary')
    ->html(fn ($m) => $m->summary_html)
    ->showOnIndex()
    ->hideFromDetail();

HtmlField::make('Form Help')
    ->content('Fill in all required fields')
    ->onlyOnForms();
```

### Conditional Rendering

[](#conditional-rendering)

```
// Show only for admins
HtmlField::make('Admin Panel')
    ->content('Admin-only content')
    ->when(fn ($request) => $request->user()->isAdmin());

// Hide for admins
HtmlField::make('User Notice')
    ->content('Contact admin for changes')
    ->unless(fn ($request) => $request->user()->isAdmin());
```

Styling Guide
-------------

[](#styling-guide)

### Use Inline Styles (Recommended)

[](#use-inline-styles-recommended)

Inline styles are the most reliable way to style HtmlField content:

```
HtmlField::make('Alert')
    ->content('

            Warning
            Please review before saving

    ');
```

### Tailwind CSS Limitations

[](#tailwind-css-limitations)

Tailwind utility classes (e.g., `bg-blue-500`, `p-4`, `rounded-lg`) **will not render** unless they are already included in Nova's compiled CSS bundle. Nova only includes the Tailwind classes it uses internally.

```
// This may NOT work (classes might not exist in Nova's CSS)
HtmlField::make('Card')
    ->content('Hello');

// This WILL work (inline styles always render)
HtmlField::make('Card')
    ->content('Hello');
```

### Icons and Emojis

[](#icons-and-emojis)

HTMLPurifier strips SVG elements by default. Use emoji or Unicode symbols instead:

```
// Using emoji (works)
HtmlField::make('Files')
    ->content('📁 Files Section');

HtmlField::make('Images')
    ->content('🖼️ Images Section');

// SVG will be stripped (won't work without disabling sanitization)
HtmlField::make('Files')
    ->content('... Files Section');
```

Security
--------

[](#security)

### Default Protection

[](#default-protection)

All HTML is sanitized using [HTMLPurifier](http://htmlpurifier.org/):

ThreatProtection`` tagsRemovedEvent handlers (`onclick`, `onerror`)Removed`javascript:` URLsBlocked``, ``, ``Removed`data:` URLs in imagesBlockedSafe HTML elementsPreservedInline stylesPreserved### Best Practices

[](#best-practices)

**Always escape dynamic content:**

```
// Good - escaped
HtmlField::make('Title')
    ->html(fn ($m) => ''.e($m->title).'');

// Bad - XSS vulnerable
HtmlField::make('Title')
    ->html(fn ($m) => ''.$m->title.'');
```

### Disable Sanitization (Trusted Content Only)

[](#disable-sanitization-trusted-content-only)

```
// Only for content you completely control
HtmlField::make('Trusted HTML')
    ->html(fn ($m) => $m->trusted_html)
    ->withoutSanitization();
```

### Custom Purifier Configuration

[](#custom-purifier-configuration)

```
// Restrict allowed elements
HtmlField::make('Simple')
    ->html(fn ($m) => $m->html)
    ->purifierConfig([
        'HTML.Allowed' => 'p,b,i,a[href]',
    ]);

// Allow target="_blank" on links
HtmlField::make('Links')
    ->html(fn ($m) => $m->html)
    ->purifierConfig([
        'Attr.AllowedFrameTargets' => ['_blank'],
    ]);
```

See [HTMLPurifier docs](http://htmlpurifier.org/live/configdoc/plain.html) for all options.

API Reference
-------------

[](#api-reference)

MethodDescription`content(string $html)`Set static HTML content`html(Closure $callback)`Set HTML via closure (receives model)`withoutSanitization()`Disable HTMLPurifier (use with caution)`purifierConfig(array $config)`Custom HTMLPurifier settings`when(Closure $callback)`Show when condition is true`unless(Closure $callback)`Show unless condition is true### Inherited Nova Methods

[](#inherited-nova-methods)

- `onlyOnIndex()`, `onlyOnDetail()`, `onlyOnForms()`
- `showOnIndex()`, `showOnDetail()`, `showOnCreating()`, `showOnUpdating()`
- `hideFromIndex()`, `hideFromDetail()`, `hideWhenCreating()`, `hideWhenUpdating()`
- `exceptOnForms()`
- `canSee(Closure $callback)`
- `fullWidth()`
- `help(string $text)`

Testing
-------

[](#testing)

```
composer test
```

**Note:** Tests require Nova classes. Run from within a Laravel project that has Nova installed, or the tests will fail with "Class not found" errors.

Changelog
---------

[](#changelog)

future implementation.

License
-------

[](#license)

MIT License. See [LICENSE](LICENSE) for details.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance73

Regular maintenance activity

Popularity8

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity43

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

153d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/5489747?v=4)[Carlos A Loaiza O](/maintainers/carlos-andres)[@carlos-andres](https://github.com/carlos-andres)

---

Top Contributors

[![carlos-andres](https://avatars.githubusercontent.com/u/5489747?v=4)](https://github.com/carlos-andres "carlos-andres (2 commits)")

---

Tags

laravelhtmlxssfieldnovasanitization

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/carlos-andres-nova-html-field/health.svg)

```
[![Health](https://phpackages.com/badges/carlos-andres-nova-html-field/health.svg)](https://phpackages.com/packages/carlos-andres-nova-html-field)
```

###  Alternatives

[stevebauman/purify

An HTML Purifier / Sanitizer for Laravel

5396.5M34](/packages/stevebauman-purify)[xemlock/htmlpurifier-html5

HTML5 support for HTML Purifier

1053.2M18](/packages/xemlock-htmlpurifier-html5)[dniccum/phone-number

A Laravel Nova phone number field with input masking and validation support.

70467.4k](/packages/dniccum-phone-number)[joshmoreno/nova-html-field

A Laravel Nova field for rendering custom html on index, detail, and forms.

13102.0k3](/packages/joshmoreno-nova-html-field)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
