PHPackages seasonfive/html-validator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. seasonfive/html-validator ActiveLibrary[Validation & Sanitization](/categories/validation) seasonfive/html-validator ========================= A simple HTML fragments validator 1.0.0(5y ago)09MITPHPPHP >= 7.0 Since Apr 27Pushed 5y agoCompare [ Source](https://github.com/season-five/php-html-validator)[ Packagist](https://packagist.org/packages/seasonfive/html-validator)[ Docs](https://github.com/season-five/php-html-validator)[ RSS](/packages/seasonfive-html-validator/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependencies (2)Versions (2)Used By (0) HTML Validator ============== [](#html-validator) A simple rule-based HTML validator that actually parses input HTML with [an HTML5 parser](https://github.com/Masterminds/html5-php). Usually, taking HTML as input in the server-side is generally not a good idea, and in most cases, what you want is an HTML sanitizer. However, if you should, this HTML validator should come in handy. [![Latest Version](https://camo.githubusercontent.com/1e45dc601e45ce30741073217897da3b9ae5dfeeb6ebfd7597a9abf96b105aa6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652f736561736f6e2d666976652f7068702d68746d6c2d76616c696461746f722e7376673f7374796c653d666c61742d737175617265)](https://github.com/season-five/php-html-validator/releases)[![Build Status](https://camo.githubusercontent.com/26ccba42b65468fb8aa49e681011998477bf2c9d309133aba7de17d013202b8a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f736561736f6e2d666976652f7068702d68746d6c2d76616c696461746f722f43493f6c6162656c3d63692532306275696c64267374796c653d666c61742d737175617265)](https://github.com/season-five/php-html-validator/actions?query=workflow%3ACI)[![Total Downloads](https://camo.githubusercontent.com/31f04a011101f67def8c6c2176dbc053f0006cc462c364b25d30ab17cd7cfac7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f736561736f6e666976652f68746d6c2d76616c696461746f722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/seasonfive/html-validator) Installation ============ [](#installation) Add the 'seasonfive/html-validator' to your `composer.json` file as follows: ``` { "require": { "seasonfive/html-validator": "^1.0" } } ``` or invoke `composer require` command (assuming `composer` binary is available in the path) as follows: ``` $ composer require seasonfive/html-validator ``` Usage ===== [](#usage) ``` $validator = new Validator([ 'tags' => [ 'deny' => ['script', 'svg', 'img'], 'overrides' => ['a' => ['img']] ], 'attrs' => [ 'allow' => ['href', 'div' => ['data-role']] ] ]); if ($validator->validate('link')) { print "Valid!!\n"; } ``` Errors ------ [](#errors) More detailed reports on what errors are encountered, if any, may be obtained if you pass a variable as follows: ``` if (!$validator->validate('link', false, $errors)) { var_dump($errors); } ``` Above, `$errors` is passed an array containing `ValidationError`s and `ParseError`. `ValidationError` designates where in the HTML an error is occurred, and `ParseError` where parsing failed. Disabling Fail Fast ------------------- [](#disabling-fail-fast) In most cases, you would want `Validator` to report error as soon as it pinpoints the first one and stop further validation. However, it is also possible to continue to parse the input HTML and report all the errors at once as shown in the example in `Errors` section above, where the second argument to `validate` call is set to `false`. If not specified, `Validator` always fails fast. Writing Rules ============= [](#writing-rules) Rules for tags and attributes are specified in an array and given to the constructor of `Validator`. The rule array has `tags` and `attrs` keys, which contain rules for tags and attributes respectively. Note that any of them may be omitted meaning nothing is denied. Allow/Deny ---------- [](#allowdeny) `tags` and `attrs` have another array as their values, the formats of which are identical. In the array, either `allow`or `deny` key may be specified. `allow` means only those specified explicitly allowed and all the others are denied ( that is, invalid). Conversely, `deny` means only explicitly specified ones are denied and all the others allowed. Overrides --------- [](#overrides) Optionally, `overrides` may be specified to override what is specified under either `allow` or `deny`. For instance, when `allow` is specified, `overrides` lists what must be denied. Usually more specific rules than those in `allow`or `deny` are listed there. Tags and Attributes ------------------- [](#tags-and-attributes) In each of `allow`, `deny`, and `overrides`, tags and attributes are listed, where they can be nested as follows: ``` [ 'tags' => [ 'allow' => ['script', 'div' => ['p', 'a']] ], 'attrs' => [ 'deny' => ['onmouseover', 'onclick'], 'overrides' => ['a' => ['onclick'], 'html' => ['body' => ['div' => 'onmouseover']]] ] ] ``` In `tags` array, the leaf (the deepest in the nested arrays) strings are tag names, and in `attrs`, attribute names. Nesting means the rule applies to the tag or attribute only if it is nested the same way as the rule. For example, in the above example, `'html' => ['body' => ['div' => 'onmouseover']` means the rule is effective only to `onmouseover`if it is specified to a `div` tag directly in a `body`, in turn, in an `html` tag. Matcher ------- [](#matcher) Instead of a string value, `Matcher` instance may be given as follows: ``` [ 'tags' => [ 'allow' => ['script', 'div' => new TypeMatcher()] ] ] ``` In the above example, `TypeMatcher` implements `Matcher` interface, and it may implement more sophisticated matching rule. The `Matcher` implements the following function, which gets called to see if a tag or attribute is actually matched, and the rule should be applied or not: ``` public function match(array $path, $context, string &$reason): bool ``` `$context` is given a `TagContext` for tags, and string values for attributes. ### Health Score 21 — LowBetter than 18% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity4 Limited adoption so far Community6 Small or concentrated contributor base Maturity47 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1847d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/570120?v=4)[Kim, DoHyung](/maintainers/dynaxis)[@dynaxis](https://github.com/dynaxis) --- Top Contributors [![dynaxis](https://avatars.githubusercontent.com/u/570120?v=4)](https://github.com/dynaxis "dynaxis (2 commits)") --- Tags validatorvalidationhtml ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/seasonfive-html-validator/health.svg) ``` [![Health](https://phpackages.com/badges/seasonfive-html-validator/health.svg)](https://phpackages.com/packages/seasonfive-html-validator) ``` ### Alternatives [vlucas/valitron Simple, elegant, stand-alone validation library with NO dependencies 1.6k4.4M128](/packages/vlucas-valitron)[wixel/gump A fast, extensible & stand-alone PHP input validation class that allows you to validate any data. 1.2k1.3M30](/packages/wixel-gump)[particle/validator Flexible and highly usable validation library with no dependencies. 2521.7M10](/packages/particle-validator)[phpexperts/datatype-validator An easy to use data type validator (both strict and fuzzy). 141.1M2](/packages/phpexperts-datatype-validator)[codeonyii/yii2-at-least-validator Validates at least one (or more) attributes. 28253.5k1](/packages/codeonyii-yii2-at-least-validator)[dragon-code/card-number Generation and verification of card numbers using Luhn's algorithm. 6512.8k](/packages/dragon-code-card-number) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)