
dilneiss/purify
===============

An HTML Purifier / Sanitizer for Laravel

v4.0.1 (4y ago), MIT, PHP >= 7.1

[Source](https://github.com/dilneiss/purify) | [Packagist](https://packagist.org/packages/dilneiss/purify)

Purify
======


Purify is a Laravel wrapper around [HTMLPurifier](https://github.com/ezyang/htmlpurifier) by [ezyang](https://github.com/ezyang).

### Requirements

- PHP >= 7.1
- Laravel >= 5.5

### Installation


To install Purify, run the following in the root of your project:

```
composer require stevebauman/purify
```

Then, publish the configuration file using:

```
php artisan vendor:publish --provider="Stevebauman\Purify\PurifyServiceProvider"
```

If you are using Lumen, you should copy the config file `purify.php` by hand, and add this line to your `bootstrap/app.php`:

```
$app->register(Stevebauman\Purify\PurifyServiceProvider::class);
```

### Usage


##### Cleaning a String

To clean a user's input, use the `clean` method:

```
$input = '<script>alert("Harmful Script");</script>Test';

// The <script> element and its contents are removed.
// Returns 'Test'
$cleaned = Purify::clean($input);
```

##### Cleaning an Array


Need to purify an array of user input? Just pass in an array:

```
$array = [
    '<script>alert("Harmful Script");</script>Test',
    '<script>alert("Harmful Script");</script>Test',
];

$cleaned = Purify::clean($array);

// array [
//  'Test',
//  'Test',
// ]
var_dump($cleaned);
```

##### Dynamic Configuration

Need a different configuration for a single input? Pass a configuration array as the second parameter:

```
$config = ['HTML.Allowed' => 'div,b,a[href]'];

$cleaned = Purify::clean($input, $config);
```

> **Note**: Configuration passed into the second parameter is **not** merged with your current configuration.


##### Replacing the HTML Purifier instance


Need to replace the HTML Purifier instance with your own? Call the `setPurifier()` method:

```
$purifier = new HTMLPurifier();

Purify::setPurifier($purifier);
```

### Practices

If you're looking into sanitization, you most likely want to sanitize user-submitted HTML that is stored in your database and later rendered in your application.

In this scenario, it's likely best practice to sanitize on the *way out* instead of on the *way in*. Remember, the **database doesn't care what text it contains**.

This way you can allow anything to be inserted in the database, and have strong sanitization rules on the way out.

This helps tremendously if you change your sanitization requirements later down the line, because all rendered content will then follow the new sanitization rules.
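One way to apply sanitize-on-the-way-out with this package, as an added example that is not part of the Purify README: a hypothetical `Comment` model stores the raw HTML and purifies it in accessors at read time. The second accessor also covers the Dynamic Configuration note by merging a per-call override with the published settings; the `App\Models` namespace, the `body` column, the accessor names and the `purify.settings` config key are assumptions.

```php
<?php

namespace App\Models; // hypothetical application namespace

use Illuminate\Database\Eloquent\Model;
use Stevebauman\Purify\Facades\Purify;

// Hypothetical model: the `body` column holds the user's HTML exactly as submitted.
class Comment extends Model
{
    protected $fillable = ['body'];

    // Full rendering: purified with the published configuration at read time,
    // so a later change to the rules applies to every stored row.
    public function getSafeBodyAttribute(): string
    {
        return Purify::clean((string) ($this->attributes['body'] ?? ''));
    }

    // Stricter rendering for list views. The second parameter of clean() is not
    // merged with the published configuration, so merge explicitly to keep the
    // remaining settings in effect.
    public function getSafeExcerptAttribute(): string
    {
        // Assumption: the published settings array lives under the 'settings'
        // key of config/purify.php.
        $config = array_merge(
            (array) config('purify.settings', []),
            ['HTML.Allowed' => 'b,a[href]']
        );

        return Purify::clean((string) ($this->attributes['body'] ?? ''), $config);
    }
}

// Blade view: only the purified accessors are echoed unescaped.
//   {!! $comment->safe_body !!}
//   {{ $comment->body }}   (raw column: always escaped)
```

Because the raw column is never purified on write, every template that echoes it must either go through one of these accessors or use Blade's escaping `{{ }}` syntax.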

### Configuration


Inside the configuration file, the entire settings array is passed directly to the HTML Purifier configuration, so feel free to customize it however you wish. For the configuration documentation, please visit the HTML Purifier Website:

#### Custom Configuration Rules

There are multiple ways of creating custom rules on the HTML Purifier instance.

Below is an example service provider you can use as a starting point to add rules to the instance. This provider gives compatibility with Basecamp's Trix WYSIWYG editor:

Credit to [Antonio Primera](https://github.com/AntonioPrimera) for resolving some [HTML Purifier configuration issues](https://github.com/stevebauman/purify/issues/7) with Trix.

```
