PHPackages                             chrisshick/cakephp3-html-purifier - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation & Sanitization](/categories/validation)
4. /
5. chrisshick/cakephp3-html-purifier

ActiveCakephp-plugin[Validation & Sanitization](/categories/validation)

chrisshick/cakephp3-html-purifier
=================================

This is a CakePHP3 Purifier Plugin Behavior that cleanses data before it is marshalled into the entity.

3.0.0(5y ago)12168.1k↓30.8%5[1 PRs](https://github.com/chrisShick/CakePHP3-HtmlPurifier/pulls)MITPHPPHP >=7.2.0

Since Feb 8Pushed 3y ago3 watchersCompare

[ Source](https://github.com/chrisShick/CakePHP3-HtmlPurifier)[ Packagist](https://packagist.org/packages/chrisshick/cakephp3-html-purifier)[ Docs](https://github.com/chrisShick/CakePHP3-HtmlPurifier)[ RSS](/packages/chrisshick-cakephp3-html-purifier/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (3)Dependencies (4)Versions (7)Used By (0)

CakePHP3-HtmlPurifier plugin
============================

[](#cakephp3-htmlpurifier-plugin)

[![Build Status](https://camo.githubusercontent.com/9d9e54b2be60d9c7054176b36e85a9728c6e6e7bd0aa5799d4d16c5d5ee99618/68747470733a2f2f7472617669732d63692e6f72672f6368726973536869636b2f43616b65504850332d48746d6c50757269666965722e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/chrisShick/CakePHP3-HtmlPurifier)

This plugin is a sanitizer for entity data that uses the Html Purifier Library:

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

Recognition
-----------

[](#recognition)

I have to give credit to @josegonzalez for giving me the inspiration to write this based on his Purifiable Behavior.

Requirements
------------

[](#requirements)

- CakePHP 3.1.x
- PHP >= 5.4.16

Installation
------------

[](#installation)

You can install this plugin into your CakePHP application using [composer](http://getcomposer.org).

The recommended way to install composer packages is:

```
  composer require chrisshick/cakephp3-html-purifier

```

or add the plugin to your project's `composer.json` like this:

```
    {
        "require": {
            "chrisshick/cakephp3-html-purifier": "dev-master"
        }
    }

```

\##Enable the Plugin In 3.x all you need to do to enable the plugin is:

```
    Plugin::load('ChrisShick/CakePHP3HtmlPurifier');

```

If you are already using `Plugin::loadAll();`, then you do not need to do the above step.

\##Usage To start sanitizing your data, you need to attach the behavior to your table in the initialization function and pass in the fields that you want to be sanitized:

```
    $this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
        'fields'=>['title','description']
    ]);

```

By default the behavior purifies only on the beforeMarshal Event. To disable this, you should do the following:

```
   $this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
        'events' => [
           Model.beforeMarshal => false,
           // you can also uncomment the line below to turn on the purifier only on the beforeSave event
           //Model.beforeSave => true,
        ]
   ]);

```

You can also have the purifier called on a custom event:

```
    $this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
        'events' => [
           Model.myCustomEvent => true,
        ]
   ]);

```

You can adjust the HtmlPurifier configuration by passing in the config key into the configuration:

```
   $this->addBehavior('ChrisShick/CakePHP3HtmlPurifier.HtmlPurifier', [
        'config' => [
            'HTML' => [
                'DefinitionID' => 'purifiable',
                'DefinitionRev' => 1,
                'TidyLevel' => 'heavy',
                'Doctype' => 'XHTML 1.0 Transitional'
            ],
            'Core' => [
                'Encoding' => 'UTF-8'
            ],
            'AutoFormat' => [
                'RemoveSpansWithoutAttributes' => true,
                'RemoveEmpty' => true
            ],
        ],
   ]);

```

You can find all the configurable options and custom filters on the  website.

\###HTML5 support

HTMLPurifier does not support HTML 5. However, the plugin incorporates work to add new elements (e.g. article, section, video, mark) to the HTML definition, based on HTML 4.01 Transitional, so HTMLPurifier won't strip them. To enable this functionality, specify the Doctype as 'HTML 5' in your configuration.

\##License

The MIT License (MIT)

Copyright (c) 2015 Chris Hickingbottom

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

###  Health Score

38

—

LowBetter than 85% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity42

Moderate usage in the ecosystem

Community14

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~337 days

Total

5

Last Release

2039d ago

Major Versions

v2.x-dev → 3.0.02020-10-18

3.0.0 → 4.0.x-dev2020-10-18

PHP version history (3 changes)v1PHP >=5.4.0

2.0.0PHP >=5.6.0

3.0.0PHP >=7.2.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/4d74281930938983aded48982ed89115cf6fb5f0e850a161eea5ab84e1a149ef?d=identicon)[chrisShick](/maintainers/chrisShick)

---

Top Contributors

[![chrisShick](https://avatars.githubusercontent.com/u/7357050?v=4)](https://github.com/chrisShick "chrisShick (5 commits)")[![ypnos-web](https://avatars.githubusercontent.com/u/15981753?v=4)](https://github.com/ypnos-web "ypnos-web (5 commits)")[![adamharley](https://avatars.githubusercontent.com/u/863768?v=4)](https://github.com/adamharley "adamharley (1 commits)")

---

Tags

pluginPurifiercakephphtmlpurifierfieldscakephp3entities

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/chrisshick-cakephp3-html-purifier/health.svg)

```
[![Health](https://phpackages.com/badges/chrisshick-cakephp3-html-purifier/health.svg)](https://phpackages.com/packages/chrisshick-cakephp3-html-purifier)
```

###  Alternatives

[stevebauman/purify

An HTML Purifier / Sanitizer for Laravel

5325.6M19](/packages/stevebauman-purify)[xemlock/htmlpurifier-html5

HTML5 support for HTML Purifier

1052.9M11](/packages/xemlock-htmlpurifier-html5)[dereuromark/cakephp-tinyauth

A CakePHP plugin to handle user authentication and authorization the easy way.

129228.6k10](/packages/dereuromark-cakephp-tinyauth)[ivanamat/cakephp3-aclmanager

AclManager plugin for CakePHP 3.x

2715.2k](/packages/ivanamat-cakephp3-aclmanager)[dereuromark/cakephp-translate

A CakePHP plugin for managing translations

1710.4k](/packages/dereuromark-cakephp-translate)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)