PHPackages                             kariricode/sanitizer - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Validation &amp; Sanitization](/categories/validation)
4. /
5. kariricode/sanitizer

ActiveLibrary[Validation &amp; Sanitization](/categories/validation)

kariricode/sanitizer
====================

Composable, rule-based data sanitization engine for PHP 8.4+ — 33 rules, #\[Sanitize\] attributes, XSS prevention, powered by kariricode/property-inspector. ARFA 1.3.

v1.2.3(2mo ago)03MITPHPPHP ^8.4CI passing

Since Oct 15Pushed 2mo agoCompare

[ Source](https://github.com/KaririCode-Framework/kariricode-sanitizer)[ Packagist](https://packagist.org/packages/kariricode/sanitizer)[ Docs](https://kariricode.org)[ RSS](/packages/kariricode-sanitizer/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (6)Dependencies (1)Versions (8)Used By (0)

KaririCode Sanitizer
====================

[](#kariricode-sanitizer)

[![CI](https://github.com/KaririCode-Framework/kariricode-sanitizer/actions/workflows/ci.yml/badge.svg)](https://github.com/KaririCode-Framework/kariricode-sanitizer/actions/workflows/ci.yml)[![PHP 8.4+](https://camo.githubusercontent.com/270717987f5341772d79b57567226e54ed27b2d4199bbdc98a96e2edf24902fa/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e342532422d3737374242343f6c6f676f3d706870266c6f676f436f6c6f723d7768697465)](https://www.php.net/)[![License: MIT](https://camo.githubusercontent.com/1e64768fef09f35b66921728160f533208fd2e3e792a2755187d16c25d535511/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d3232633535652e737667)](LICENSE)[![PHPStan Level 9](https://camo.githubusercontent.com/a812723b363d3726b682e5d739e91f2ade163846054ce3797b9085b84cc61806/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048505374616e2d4c6576656c253230392d344634364535)](https://phpstan.org/)[![Tests](https://camo.githubusercontent.com/a270c1d04c6e56489c8f1f4c7d32d98e578f6ca43736b5511eeb28b2272dc7d2/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f54657374732d31373525323070617373696e672d323263353565)](https://github.com/KaririCode-Framework/kariricode-sanitizer/actions)[![Coverage](https://camo.githubusercontent.com/654ee01aec37dfb6b6c19a7d8d7c2d962ae7fdcae0507dad1bd72fa65a113d1c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f436f7665726167652d3130302532352d323263353565)](https://github.com/KaririCode-Framework/kariricode-sanitizer/actions)[![Rules](https://camo.githubusercontent.com/c1840656a36a949fa3e95767a0ef355fa39f0900bf509b19e74dbe08eb8caf18/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f52756c65732d33332d323263353565)](docs/spec/SPEC-002-rule-reference.md)[![ARFA](https://camo.githubusercontent.com/e317730c0346377e1075b8e3fa865ab41ca549080b609d45170aa686e3461afb/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f415246412d312e34332d6f72616e6765)](https://kariricode.org)[![KaririCode Framework](https://camo.githubusercontent.com/bd3e3709bf161ac982b76f7afd06c39afe478d15f2b5e1d47df8606b5c9c03f0/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4b6172697269436f64652d4672616d65776f726b2d6f72616e6765)](https://kariricode.org)

**Composable, rule-based data sanitization engine for PHP 8.4+ — 33 rules, zero dependencies.**

[Installation](#installation) · [Quick Start](#quick-start) · [Attribute DTO](#attribute-driven-dto-sanitization) · [All Rules](#all-33-rules) · [Architecture](#architecture) · [Docs](docs/README.md)

---

The Problem
-----------

[](#the-problem)

Raw user input arrives dirty — whitespace, wrong case, dangerous HTML, unformatted documents — and cleaning it is always ad-hoc:

```
// Sprinkled everywhere with no audit trail
$name  = ucwords(strtolower(trim($request->name)));
$email = strtolower(trim($request->email));
$cpf   = preg_replace('/\D/', '', $request->cpf);
$bio   = htmlspecialchars(strip_tags($request->bio));

// No record of what changed, no idempotency guarantee,
// no attribute-driven DTOs, no composition.
```

The Solution
------------

[](#the-solution)

```
use KaririCode\Sanitizer\Provider\SanitizerServiceProvider;

$engine = (new SanitizerServiceProvider())->createEngine();

$result = $engine->sanitize(
    data: [
        'name'  => '  walmir  SILVA  ',
        'email' => '  Admin@Kariricode.ORG  ',
        'cpf'   => '52998224725',
        'bio'   => 'alert("xss")Bold',
    ],
    fieldRules: [
        'name'  => ['trim', 'normalize_whitespace', 'capitalize'],
        'email' => ['trim', 'lower_case', 'email_filter'],
        'cpf'   => ['format_cpf'],
        'bio'   => ['strip_tags', 'html_encode'],
    ],
);

echo $result->get('name');  // "Walmir Silva"
echo $result->get('email'); // "admin@kariricode.org"
echo $result->get('cpf');   // "529.982.247-25"
echo $result->get('bio');   // "&lt;script&gt;...Bold"
```

---

Requirements
------------

[](#requirements)

RequirementVersionPHP8.4 or higherkariricode/property-inspector^2.0---

Installation
------------

[](#installation)

```
composer require kariricode/sanitizer
```

---

Quick Start
-----------

[](#quick-start)

```