
jeffersongoncalves/laravel-html-sanitizer
=========================================

This Laravel package provides a simple wrapper around the Symfony HTML Sanitizer to safely clean untrusted HTML. It strips scripts, inline event handlers, and Alpine attributes while keeping the presentational subset (headings, lists, tables, code blocks, images, links) that rendered Markdown and READMEs need. The package is easy to install and configure, seamlessly integrating with your existing Laravel application.

Version v1.0.0 (released today). License: MIT. Language: PHP. Requires PHP ^8.2. CI passing.


[![Laravel HTML Sanitizer](https://raw.githubusercontent.com/jeffersongoncalves/laravel-html-sanitizer/master/art/jeffersongoncalves-laravel-html-sanitizer.png)](https://raw.githubusercontent.com/jeffersongoncalves/laravel-html-sanitizer/master/art/jeffersongoncalves-laravel-html-sanitizer.png)

Laravel HTML Sanitizer
======================


Installation
------------


You can install the package via composer:

```
composer require jeffersongoncalves/laravel-html-sanitizer
```

Usage
-----


Pass any untrusted HTML through `HtmlSanitizer::clean()` before rendering it:

```
use JeffersonGoncalves\HtmlSanitizer\HtmlSanitizer;

// Untrusted input: plain text followed by a script element
$dirty = 'Hello<script>alert("xss")</script>';

$clean = HtmlSanitizer::clean($dirty);
// Hello
```

The sanitizer:

- drops ``, `` and every event-handler attribute (`onerror`, `onclick`, ...);
- strips Alpine `x-*` attributes;
- keeps the safe presentational subset: headings, lists, tables, code blocks, images and links;
- allows relative link and media URLs, plus the `https`, `http` and `mailto` link schemes (and additionally `data` for media);
- preserves `class`/`id` attributes (for heading permalinks, code-language hints and table wrappers) and `width`/`height` on `<img>`.

It is intended for rendered HTML that originated from untrusted sources — GitHub READMEs of third-party repos and the Markdown body of imported articles — where raw HTML is enabled during rendering.
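The guarantees listed above can be pinned down as a regression test in the consuming application. This is an added example, not part of the package or its own test suite; it assumes Pest is set up in the app, and every input string is constructed for illustration. It asserts on substrings rather than exact output because the page does not document the serialized form.

```php
<?php

// Added example: Pest test for an app that has the package installed.
// All inputs below are constructed for illustration.
use JeffersonGoncalves\HtmlSanitizer\HtmlSanitizer;

it('holds the documented sanitizer policy', function (string $dirty, array $kept, array $gone) {
    $clean = HtmlSanitizer::clean($dirty);

    // Fragments the README says survive sanitization.
    foreach ($kept as $fragment) {
        expect($clean)->toContain($fragment);
    }

    // Fragments the README says are removed.
    foreach ($gone as $fragment) {
        expect($clean)->not->toContain($fragment);
    }
})->with([
    'script element is dropped' => [
        '<p>Hello</p><script>alert("xss")</script>',
        ['Hello'],
        ['<script', 'alert('],
    ],
    'event handler is removed, image and size stay' => [
        '<img src="/logo.png" width="120" height="40" onerror="alert(1)">',
        ['/logo.png', 'width="120"', 'height="40"'],
        ['onerror'],
    ],
    'Alpine attribute is stripped, id stays' => [
        '<h2 id="intro" x-data="{ open: true }">Intro</h2>',
        ['id="intro"', 'Intro'],
        ['x-data'],
    ],
    'only documented link schemes survive' => [
        '<a href="javascript:alert(1)">a</a>'
            .'<a href="https://example.com/docs">b</a>'
            .'<a href="mailto:dev@example.com">c</a>',
        ['https://example.com/docs', 'mailto:dev@example.com'],
        ['javascript:'],
    ],
]);
```

Keeping a test like this in the application catches a policy change in a future package or Symfony release before untrusted README or Markdown output reaches a page.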

Testing
-------


```
composer test
```

Changelog
---------


Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Contributing
------------


Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for details.

Security Vulnerabilities
------------------------


Please review [our security policy](../../security/policy) on how to report security vulnerabilities.

Credits
-------


- [Jèfferson Gonçalves](https://github.com/jeffersongoncalves)
- [All Contributors](../../contributors)

License
-------


The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

41 (Fair). Better than 87% of packages.

- Maintenance: 100. Actively maintained with recent releases.
- Popularity: 2. Limited adoption so far.
- Community: 9. Small or concentrated contributor base.
- Maturity: 47. Maturing project, gaining track record.
- Bus Factor: 1. Top contributor holds 88.9% of commits: single point of failure.

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 0d ago


###  Code Quality

- Tests: Pest
- Static Analysis: PHPStan
- Code Style: Laravel Pint
