carlos-andres/nova-html-field
=============================

A Laravel Nova field for rendering HTML content with XSS protection

v1.0.0 (3mo ago) · MIT · PHP · PHP ^8.1

Since Feb 1 · Pushed 3mo ago

[Source](https://github.com/carlos-andres/nova-html-field) · [Packagist](https://packagist.org/packages/carlos-andres/nova-html-field)

Nova HTML Field
===============

A Laravel Nova 4/5 field for rendering HTML content with built-in XSS protection via HTMLPurifier.

Features
--------

- **XSS Protection** - HTMLPurifier sanitization enabled by default
- **Dynamic Content** - Resolve HTML from model attributes or closures
- **Inline Styles** - Full support for inline CSS styling
- **View Control** - Standard Nova visibility methods
- **Conditional Display** - Show/hide based on request conditions

Requirements
------------

- PHP 8.1+
- Laravel 10+
- Nova 4+ or Nova 5+

Installation
------------

```
composer require carlos-andres/nova-html-field
```

No build step required - works out of the box.

Quick Start
-----------

```
use Vendor\NovaHtmlField\HtmlField;

// Static content
HtmlField::make('Notice')
    ->content('Settings saved successfully');

// Dynamic from model
HtmlField::make('Preview')
    ->html(fn ($model) => ''.e($model->title).'');

// From model attribute
HtmlField::make('Description', 'html_content');
```

Usage
-----

### Static HTML with `content()`

```
HtmlField::make('Info Banner')
    ->content('

                Configuration

                Manage your settings below

    ')
    ->onlyOnForms();
```

### Dynamic Content with `html()`

```
// Status badge that changes based on model state
HtmlField::make('Status')
    ->html(fn ($model) => '

            '.($model->is_active ? 'Active' : 'Inactive').'

    ')
    ->onlyOnIndex();

// Image preview
HtmlField::make('Thumbnail')
    ->html(fn ($model) => $model->image_url
        ? ''
        : 'No image'
    );
```

### From Model Attribute

```
// Direct attribute (sanitized automatically)
HtmlField::make('Body', 'html_content');

// With transform callback
HtmlField::make('Formatted', 'raw_content', function ($value) {
    return ''.e($value).'';
});
```

### View Visibility

```
HtmlField::make('Details')
    ->content('Only visible on detail view')
    ->onlyOnDetail();

HtmlField::make('Summary')
    ->html(fn ($m) => $m->summary_html)
    ->showOnIndex()
    ->hideFromDetail();

HtmlField::make('Form Help')
    ->content('Fill in all required fields')
    ->onlyOnForms();
```

### Conditional Rendering

```
// Show only for admins
HtmlField::make('Admin Panel')
    ->content('Admin-only content')
    ->when(fn ($request) => $request->user()->isAdmin());

// Hide for admins
HtmlField::make('User Notice')
    ->content('Contact admin for changes')
    ->unless(fn ($request) => $request->user()->isAdmin());
```

Styling Guide
-------------

### Use Inline Styles (Recommended)

Inline styles are the most reliable way to style HtmlField content:

```
HtmlField::make('Alert')
    ->content('

            Warning
            Please review before saving

    ');
```

### Tailwind CSS Limitations

Tailwind utility classes (e.g., `bg-blue-500`, `p-4`, `rounded-lg`) **will not render** unless they are already included in Nova's compiled CSS bundle. Nova only includes the Tailwind classes it uses internally.

```
// This may NOT work (classes might not exist in Nova's CSS)
HtmlField::make('Card')
    ->content('Hello');

// This WILL work (inline styles always render)
HtmlField::make('Card')
    ->content('Hello');
```

### Icons and Emojis

HTMLPurifier strips SVG elements by default. Use emoji or Unicode symbols instead:

```
// Using emoji (works)
HtmlField::make('Files')
    ->content('📁 Files Section');

HtmlField::make('Images')
    ->content('🖼️ Images Section');

// SVG will be stripped (won't work without disabling sanitization)
HtmlField::make('Files')
    ->content('... Files Section');
```

Security
--------

### Default Protection

All HTML is sanitized using [HTMLPurifier](http://htmlpurifier.org/):

| Threat | Protection |
|--------|------------|
| `` tags | Removed |
| Event handlers (`onclick`, `onerror`) | Removed |
| `javascript:` URLs | Blocked |
| ``, ``, `` | Removed |
| `data:` URLs in images | Blocked |
| Safe HTML elements | Preserved |
| Inline styles | Preserved |

### Best Practices

**Always escape dynamic content:**

```
// Good - escaped
HtmlField::make('Title')
    ->html(fn ($m) => ''.e($m->title).'');

// Bad - XSS vulnerable
HtmlField::make('Title')
    ->html(fn ($m) => ''.$m->title.'');
```

### Disable Sanitization (Trusted Content Only)

```
// Only for content you completely control
HtmlField::make('Trusted HTML')
    ->html(fn ($m) => $m->trusted_html)
    ->withoutSanitization();
```

### Custom Purifier Configuration

```
// Restrict allowed elements
HtmlField::make('Simple')
    ->html(fn ($m) => $m->html)
    ->purifierConfig([
        'HTML.Allowed' => 'p,b,i,a[href]',
    ]);

// Allow target="_blank" on links
HtmlField::make('Links')
    ->html(fn ($m) => $m->html)
    ->purifierConfig([
        'Attr.AllowedFrameTargets' => ['_blank'],
    ]);
```

See [HTMLPurifier docs](http://htmlpurifier.org/live/configdoc/plain.html) for all options.
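
An added example (not part of the package or its README) showing why escaping still matters with sanitization on, and what the `HTML.Allowed` setting above changes. It calls HTMLPurifier directly, assuming the field passes `purifierConfig()` directives through unchanged; `esc()` stands in for Laravel's `e()`, and `makePurifier()` and the sample title are constructed for illustration.

```php
<?php
// Added example, not the package's own code.
// Assumes: composer require ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

// Stand-in for Laravel's e() helper so the script runs outside Laravel.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: build a purifier from a directive array,
// the same shape that purifierConfig() accepts.
function makePurifier(array $directives = []): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null); // skip the on-disk definition cache
    foreach ($directives as $name => $value) {
        $config->set($name, $value);
    }
    return new HTMLPurifier($config);
}

// Constructed sample: a user-controlled title that carries markup.
$title = 'Q3 report <a href="https://example.test/login">sign in again</a>'
       . '<img src="x" onerror="alert(1)"><span style="font-size:40px">!</span>';

$strict = ['HTML.Allowed' => 'p,b,i,a[href]'];

$cases = [
    'raw title, default config'   => [makePurifier(),        '<p>' . $title . '</p>'],
    'raw title, HTML.Allowed'     => [makePurifier($strict), '<p>' . $title . '</p>'],
    'escaped title, HTML.Allowed' => [makePurifier($strict), '<p>' . esc($title) . '</p>'],
];

foreach ($cases as $label => [$purifier, $html]) {
    // purify() returns the sanitized markup as a string.
    printf("%-28s %s\n", $label, $purifier->purify($html));
}
```

Sanitization removes the event handler in every case, but the injected link survives both configurations unless the title is escaped first.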

API Reference
-------------

| Method | Description |
|--------|-------------|
| `content(string $html)` | Set static HTML content |
| `html(Closure $callback)` | Set HTML via closure (receives model) |
| `withoutSanitization()` | Disable HTMLPurifier (use with caution) |
| `purifierConfig(array $config)` | Custom HTMLPurifier settings |
| `when(Closure $callback)` | Show when condition is true |
| `unless(Closure $callback)` | Show unless condition is true |

### Inherited Nova Methods

- `onlyOnIndex()`, `onlyOnDetail()`, `onlyOnForms()`
- `showOnIndex()`, `showOnDetail()`, `showOnCreating()`, `showOnUpdating()`
- `hideFromIndex()`, `hideFromDetail()`, `hideWhenCreating()`, `hideWhenUpdating()`
- `exceptOnForms()`
- `canSee(Closure $callback)`
- `fullWidth()`
- `help(string $text)`

Testing
-------

```
composer test
```

**Note:** Tests require Nova classes. Run from within a Laravel project that has Nova installed, or the tests will fail with "Class not found" errors.

Changelog
---------

future implementation.

License
-------

MIT License. See [LICENSE](LICENSE) for details.
