PHPackages medilies/xssless - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Search & Filtering](/categories/search) 4. / 5. medilies/xssless ActiveLibrary[Search & Filtering](/categories/search) medilies/xssless ================ Clean your rich text from XSS threats. v0.4.0(1y ago)2928↓100%[1 issues](https://github.com/medilies/xssless/issues)MITPHPPHP ^8.2 Since Aug 7Pushed 1y ago3 watchersCompare [ Source](https://github.com/medilies/xssless)[ Packagist](https://packagist.org/packages/medilies/xssless)[ Docs](https://github.com/medilies/xssless)[ GitHub Sponsors](https://github.com/medilies)[ RSS](/packages/medilies-xssless/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (6)Dependencies (12)Versions (7)Used By (0) Clean your rich text from XSS threats ===================================== [](#clean-your-rich-text-from-xss-threats) [![Latest Version on Packagist](https://camo.githubusercontent.com/6bb986e09fc52c43d135d45152fdbeedcfe1e26989b62e980ae1990ffe76802a/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6564696c6965732f7873736c6573732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/medilies/xssless)[![pest](https://camo.githubusercontent.com/bb5de26970bb2dd6842a42f22ae6f6eec8779f00be56e144339f9fc4198c5fe6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d6564696c6965732f7873736c6573732f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/medilies/xssless/actions?query=workflow%3Arun-tests+branch%3Amain)[![phpstan](https://camo.githubusercontent.com/e05b117500dba5d4e188c488749aefd21dcf60557db68f37ad1e751ac4b33b54/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d6564696c6965732f7873736c6573732f7068707374616e2e796d6c3f6272616e63683d6d61696e266c6162656c3d7068707374616e267374796c653d666c61742d737175617265)](https://github.com/medilies/xssless/actions?query=workflow%3A%22phpstan%22+branch%3Amain) [![workflow](./workflow.png)](./workflow.png) Why use Xssless --------------- [](#why-use-xssless) - Your application features a [Rich Text Editor](https://en.wikipedia.org/wiki/Online_rich-text_editor) and you want to prevent all XSS. - You want full HTML5 & CSS3 support. - You want to allow all safe HTML elements, their attributes, and CSS properties without going deep into whitelist configs. The default driver aligns with [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#html-sanitization) recommendations: > ... OWASP recommends **DOMPurify** for HTML Sanitization. Requirements ------------ [](#requirements) - PHP >= 8.2 - ext-json - Node >= 18 - NPM Installation ------------ [](#installation) Install the package via composer: ``` composer require medilies/xssless ``` For non Laravel projects, pick a config and run the following code: ``` $config = new Medilies\Xssless\Dompurify\DompurifyCliConfig('node', 'npm'); (new Medilies\Xssless\Xssless) ->using($config) ->setup(); ``` For Laravel projects, run the following command: ``` php artisan xssless:setup ``` Usage ----- [](#usage) Using `Medilies\Xssless\Dompurify\DompurifyCliConfig`: ``` (new Medilies\Xssless\Xssless) ->using(new Medilies\Xssless\Dompurify\DompurifyCliConfig) ->clean($html); ``` Using `Medilies\Xssless\Dompurify\DompurifyServiceConfig`: ``` $config = new Medilies\Xssless\Dompurify\DompurifyServiceConfig( host: '127.0.0.1', port: 63000 ); $xssless = (new Medilies\Xssless\Xssless) ->using($config); /** * It is better to have this part in a separate script * that runs continuously and independently from your app */ $xssless->start(); $xssless->clean($html); ``` ### Laravel usage [](#laravel-usage) You can publish the config file with: ``` php artisan vendor:publish --tag="xssless-config" ``` This is the contents of the published config file: ``` return [ 'default' => 'dompurify-cli', 'drivers' => [ 'dompurify-cli' => new DompurifyCliConfig( node: env('NODE_PATH', 'node'), // @phpstan-ignore argument.type npm: env('NPM_PATH', 'npm'), // @phpstan-ignore argument.type binary: null, tempFolder: null, ), 'dompurify-service' => new DompurifyServiceConfig( node: env('NODE_PATH', 'node'), // @phpstan-ignore argument.type npm: env('NPM_PATH', 'npm'), // @phpstan-ignore argument.type host: '127.0.0.1', port: 63000, binary: null, ), ], ]; ``` Run the following command (Not required by all drivers): ``` php artisan xssless:start ``` Use the facade: ``` Medilies\Xssless\Laravel\Facades\Xssless::clean($html); ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) Please review [our security policy](../../security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [medilies](https://github.com/medilies) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 29 — LowBetter than 60% of packages Maintenance35 Infrequent updates — may be unmaintained Popularity17 Limited adoption so far Community8 Small or concentrated contributor base Maturity46 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1 days Total 6 Last Release 634d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/e024d85d6159f76c1b1bc9c0608bdd2afab8b0724d0b9bb9ae45bf2a837d343f?d=identicon)[medilies](/maintainers/medilies) --- Top Contributors [![medilies](https://avatars.githubusercontent.com/u/35309918?v=4)](https://github.com/medilies "medilies (53 commits)") --- Tags cleanerhtmllaravelpurifiersanitizerxsslaravelsafehtmlsanitizerPurifierfilterxsscleanerprevent ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint Type Coverage Yes ### Embed Badge ![Health badge](/badges/medilies-xssless/health.svg) ``` [![Health](https://phpackages.com/badges/medilies-xssless/health.svg)](https://phpackages.com/packages/medilies-xssless) ``` ### Alternatives [htmlawed/htmlawed Official htmLawed PHP library for HTML filtering 401.1M9](/packages/htmlawed-htmlawed)[stevebauman/purify An HTML Purifier / Sanitizer for Laravel 5325.6M19](/packages/stevebauman-purify)[stolz/laravel-html-tidy HTML Tidy middleware for Laravel 278.7k](/packages/stolz-laravel-html-tidy)[kalfheim/sanitizer Data sanitizer for PHP with built-in Laravel support. 1423.7k](/packages/kalfheim-sanitizer)[lincanbin/white-html-filter A lightweight php-based HTML tag and attribute whitelist filter. 1215.1k1](/packages/lincanbin-white-html-filter)[tapp/filament-value-range-filter Filament country code field. 2362.2k](/packages/tapp-filament-value-range-filter) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)