rhukster/dom-sanitizer
======================

A simple but effective DOM/SVG/MathML Sanitizer for PHP 7.4+

1.0.11 (2mo ago) · MIT · PHP >=7.3

[Source](https://github.com/rhukster/dom-sanitizer) · [Packagist](https://packagist.org/packages/rhukster/dom-sanitizer)

DOMSanitizer
============

A simple but effective DOM/SVG/MathML Sanitizer for PHP 7.3+. This was created due to my requirements for a performant DOM and specifically SVG sanitizer that was MIT compatible.

This borrows the extensive list of valid tags and attributes in the excellent [DOMPurify](https://github.com/cure53/DOMPurify) library for JavaScript, but uses PHP DOMDocument to parse the DOM and filter out dangerous tags and attributes.

Installation
------------

```
composer require rhukster/dom-sanitizer
```

Options
-------

Options can be passed to the `sanitize()` method as an optional array. Default values are:

```
$options = [
    'remove-namespaces' => false,
    'remove-php-tags' => true,
    'remove-html-tags' => true,
    'remove-xml-tags' => true,
    'compress-output' => true,
];
```

Usage
-----

### Sanitizing HTML

HTML is the default mode and provides the full list of HTML tags and attributes.

```
require 'vendor/autoload.php';

use Rhukster\DomSanitizer\DOMSanitizer;

$input = file_get_contents('bad.html');

$sanitizer = new DOMSanitizer(DOMSanitizer::HTML);
$output = $sanitizer->sanitize($input, [
    'remove-html-tags' => false,
]);
```

### Sanitizing SVG

You can limit the valid tags and attributes by passing `DOMSanitizer::SVG` to the constructor. This is advisable if you know you are dealing with SVGs.

```
require 'vendor/autoload.php';

use Rhukster\DomSanitizer\DOMSanitizer;

$input = file_get_contents('bad.svg');
$sanitizer = new DOMSanitizer(DOMSanitizer::SVG);
$output = $sanitizer->sanitize($input);
```

### Sanitizing MathML

You can limit the valid tags and attributes by passing `DOMSanitizer::MATHML` to the constructor. This is advisable if you know you are dealing with MathML code.

```
require 'vendor/autoload.php';

use Rhukster\DomSanitizer\DOMSanitizer;

$input = file_get_contents('mathml-sample.xml');
$sanitizer = new DOMSanitizer(DOMSanitizer::MATHML);
$output = $sanitizer->sanitize($input, [
    'compress-output' => false,
]);
```

### Modifying the allowed tags and attributes

You have full access to the tags and attributes via the following methods:

```
public function addAllowedTags(array $allowed_tags): void

public function addAllowedAttributes(array $allowed_attributes): void

public function addDisallowedTags(array $disallowed_tags): void

public function addDisallowedAttributes(array $disallowed_attributes): void

public function getAllowedTags(): array

public function setAllowedTags(array $allowed_tags): void

public function getAllowedAttributes(): array

public function setAllowedAttributes(array $allowed_attributes): void

public function getDisallowedTags(): array

public function setDisallowedTags(array $disallowed_tags): void

public function getDisallowedAttributes(): array

public function setDisallowedAttributes($disallowed_attributes): void
```
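
One way to combine the SVG profile with the list methods above when handling an uploaded SVG, followed by an independent re-check of the result that fails closed. This is an added example, not code from the DOMSanitizer project: the input SVG is constructed, `findActiveContent()` is a hypothetical helper, and it assumes `sanitize()` returns a string and that the list methods take plain tag and attribute names.

```php
<?php
require 'vendor/autoload.php';
use Rhukster\DomSanitizer\DOMSanitizer;

// Constructed sample input: a harmless drawing with active content mixed in.
$input = <<<'SVG'
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <script>alert(1)</script>
  <style>circle { fill: red }</style>
  <a href="javascript:alert(2)"><circle cx="5" cy="5" r="4" onclick="alert(3)"/></a>
</svg>
SVG;

$sanitizer = new DOMSanitizer(DOMSanitizer::SVG);
// Tighten the SVG profile: this application's icons never need CSS or links (names assumed lowercase).
$sanitizer->addDisallowedTags(['style', 'a']);
$sanitizer->addDisallowedAttributes(['style']);
$output = $sanitizer->sanitize($input, ['compress-output' => false]);

// Hypothetical helper: re-parse the sanitized markup and list anything that could still execute.
function findActiveContent(string $markup): array
{
    if (trim($markup) === '') {
        return []; // nothing left to inspect
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // the HTML parser warns on SVG tags
    $doc->loadHTML($markup, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        if (in_array(strtolower($el->nodeName), ['script', 'style', 'foreignobject'], true)) {
            $found[] = "element <{$el->nodeName}>";
        }
        foreach ($el->attributes as $attr) {
            $value = preg_replace('/[\x00-\x20]+/', '', $attr->value); // ignore padding in URLs
            if (stripos($attr->nodeName, 'on') === 0 || stripos($value, 'javascript:') === 0) {
                $found[] = "attribute {$attr->nodeName} on <{$el->nodeName}>";
            }
        }
    }
    return $found;
}

$residue = findActiveContent($output);
if ($residue !== []) {
    throw new RuntimeException('Rejected upload: ' . implode(', ', $residue)); // fail closed
}
echo $output;
```

The re-check is deliberately coarse and independent of the sanitizer's own lists, so a regression in either the configuration or the library shows up as a rejected file rather than stored active content.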

### Health Score

55 (Fair), better than 97% of packages

- Maintenance: 86. Actively maintained with recent releases
- Popularity: 50. Moderate usage in the ecosystem
- Community: 20. Small or concentrated contributor base
- Maturity: 53. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 96.7% of commits — single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~152 days (recently: every ~224 days)
- Total: 12
- Last release: 72d ago
- PHP version history (2 changes): 1.0.0 PHP >=7.4; 1.0.4 PHP >=7.3

### Community

- Maintainers: [rhukster](/maintainers/rhukster)
- Top contributors: [rhukster](https://github.com/rhukster) (29 commits), [DeepDiver1975](https://github.com/DeepDiver1975) (1 commits)

### Code Quality

Tests: PHPUnit

### Alternatives

- [marcosh/php-validation-dsl](/packages/marcosh-php-validation-dsl): A DSL for validating data in a functional fashion

