PHPackages rhukster/dom-sanitizer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. rhukster/dom-sanitizer ActiveLibrary[Validation & Sanitization](/categories/validation) rhukster/dom-sanitizer ====================== A simple but effective DOM/SVG/MathML Sanitizer for PHP 7.4+ 1.0.8(2y ago)112.3M—0%44MITPHPPHP >=7.3 Since Sep 22Pushed 1mo ago1 watchersCompare [ Source](https://github.com/rhukster/dom-sanitizer)[ Packagist](https://packagist.org/packages/rhukster/dom-sanitizer)[ RSS](/packages/rhukster-dom-sanitizer/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (1)Versions (10)Used By (4)Security (1) DOMSanitizer ============ [](#domsanitizer) A simple but effective DOM/SVG/MathML Sanitizer for PHP 7.3+. This was created due to my requirements for a performant DOM and specifically SVG sanitizer that was MIT compatible. This borrows the extensive list of valid tags and attributes in the excellent [DOMPurify](https://github.com/cure53/DOMPurify) library for JavaScript, but uses PHP DOMDocument to parse the DOM and filter out dangerous tags and attributes. Installation ------------ [](#installation) ``` composer require rhukster/dom-sanitizer ``` Options ------- [](#options) Options can be passed to the `sanitize()` method as an optional array. Default values are: ``` $options = [ 'remove-namespaces' => false, 'remove-php-tags' => true, 'remove-html-tags' => true, 'remove-xml-tags' => true, 'compress-output' => true, ]; ``` Usage ----- [](#usage) ### Sanitizing HTML [](#sanitizing-html) The default option but provides with the full list of HTML tags and attributes. ``` require 'vendor/autoload.php'; use Rhukster\DomSanitizer\DOMSanitizer; $input = file_get_contents('bad.html'); $sanitizer = new DOMSanitizer(DOMSanitizer::HTML); $output = $sanitizer->sanitize($input, [ 'remove-html-tags' => false, ]); ``` ### Sanitizing SVG [](#sanitizing-svg) You can limit the valid tags and attributes by passing `DOMSanitizer::SVG` to the constructor. This is advisable if you know you are dealing with SVGs. ``` require 'vendor/autoload.php'; use Rhukster\DomSanitizer\DOMSanitizer; $input = file_get_contents('bad.svg'); $sanitizer = new DOMSanitizer(DOMSanitizer::SVG); $output = $sanitizer->sanitize($input); ``` ### Sanitizing MathML [](#sanitizing-mathml) You can limit the valid tags and attributes by passing `DOMSanitizer::MATHML` to the constructor. This is advisable if you know you are dealing with MathML code. ``` require 'vendor/autoload.php'; use Rhukster\DomSanitizer\DOMSanitizer; $input = file_get_contents('mathml-sample.xml'); $sanitizer = new DOMSanitizer(DOMSanitizer::MATHML); $output = $sanitizer->sanitize($input, [ 'compress-output' => false, ]); ``` ### Modifying the allowed tags and attributes [](#modifying-the-allowed-tags-and-attributes) You have full access to the tags and attributes via the following methods: ``` public function addAllowedTags(array $allowed_tags): void public function addAllowedAttributes(array $allowed_attributes): void public function addDisallowedTags(array $disallowed_tags): void public function addDisallowedAttributes(array $disallowed_attributes): void public function getAllowedTags(): array public function setAllowedTags(array $allowed_tags): void public function getAllowedAttributes(): array public function setAllowedAttributes(array $allowed_attributes): void public function getDisallowedTags(): array public function setDisallowedTags(array $disallowed_tags): void public function getDisallowedAttributes(): array public function setDisallowedAttributes($disallowed_attributes): void ``` ### Health Score 48 — FairBetter than 95% of packages Maintenance60 Regular maintenance activity Popularity50 Moderate usage in the ecosystem Community17 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 96.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~117 days Recently: every ~233 days Total 9 Last Release 763d ago PHP version history (2 changes)1.0.0PHP >=7.4 1.0.4PHP >=7.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/6a85f5988e5b0457d61a12de933780ad099689271767b717feba55f04723c453?d=identicon)[rhukster](/maintainers/rhukster) --- Top Contributors [![rhukster](https://avatars.githubusercontent.com/u/1084697?v=4)](https://github.com/rhukster "rhukster (27 commits)")[![DeepDiver1975](https://avatars.githubusercontent.com/u/1005065?v=4)](https://github.com/DeepDiver1975 "DeepDiver1975 (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/rhukster-dom-sanitizer/health.svg) ``` [![Health](https://phpackages.com/badges/rhukster-dom-sanitizer/health.svg)](https://phpackages.com/packages/rhukster-dom-sanitizer) ``` ### Alternatives [webmozart/assert Assertions to validate method input/output with nice error messages. 7.6k894.0M1.2k](/packages/webmozart-assert)[bensampo/laravel-enum Simple, extensible and powerful enumeration implementation for Laravel. 2.0k15.9M104](/packages/bensampo-laravel-enum)[swaggest/json-schema High definition PHP structures with JSON-schema based validation 48612.5M73](/packages/swaggest-json-schema)[stevebauman/purify An HTML Purifier / Sanitizer for Laravel 5325.6M19](/packages/stevebauman-purify)[ashallendesign/laravel-config-validator A package for validating your Laravel app's config. 217905.3k5](/packages/ashallendesign-laravel-config-validator)[crazybooot/base64-validation Laravel validators for base64 encoded files 1341.9M8](/packages/crazybooot-base64-validation) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)