

snebes/html-sanitizer
=====================

Sanitize HTML5 strings

v1.0.5 (10mo ago) · 0 · 15.7k · ↓50% · 1 · [1 PRs](https://github.com/snebes/html-sanitizer/pulls) · MIT · PHP · PHP ^7.1.3|^8.0 · CI failing

Since Feb 28 · Pushed 10mo ago · 1 watchers

[Source](https://github.com/snebes/html-sanitizer) · [Packagist](https://packagist.org/packages/snebes/html-sanitizer) · [Fund](https://www.paypal.me/snebes)

html-sanitizer
==============


html-sanitizer is a library aiming at handling, cleaning and sanitizing HTML sent by external users (who you cannot trust), allowing you to store it and display it safely. It has sensible defaults to provide a great developer experience while still being entirely configurable.

Internally, the sanitizer has a deep understanding of HTML: it parses the input and creates a tree of DOMNode objects, which it uses to keep only the safe elements from the content. By using this technique, it is safe (it works with a strict whitelist), fast and easily extensible.

It also provides useful features such as the possibility to transform images or iframes URLs to HTTPS.

Security Issues
---------------


If you discover a security vulnerability within the sanitizer, please follow [our disclosure procedure](https://github.com/snebes/html-sanitizer/blob/master/docs/A-security-disclosure-procedure.md).

Backward Compatibility promise
------------------------------


This library follows the same Backward Compatibility promise as the Symfony framework:

> *Note*: many classes in this library are either marked `@final` or `@internal`. `@internal` classes are excluded from any Backward Compatibility promise (you should not use them in your code) whereas `@final` classes can be used but should not be extended (use composition instead).

Thanks
------


Many thanks to:

- [The Open Web Application Security Project](https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project), from which many of the tests of this library are extracted (more specifically from [OWASP/java-html-sanitizer](https://github.com/OWASP/java-html-sanitizer));
- [Masterminds/html5-php](https://github.com/Masterminds/html5-php), which is a great HTML5 parser, used by default in this library;
- [tgalopin/html-sanitizer](https://github.com/tgalopin/html-sanitizer), of which this library is a hard fork.

### Health Score

45 (Fair), better than 93% of packages

- Maintenance: 54. Moderate activity, may be stable
- Popularity: 25. Limited adoption so far
- Community: 13. Small or concentrated contributor base
- Maturity: 73. Established project with proven stability
- Bus Factor: 2. 2 contributors hold 50%+ of commits

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~210 days (recently: every ~563 days)
- Total: 12
- Last Release: 321d ago
- Major Versions: v0.9.6 → v1.0.0 (2019-04-28)

PHP version history (3 changes):

- v0.9.1: PHP >=7.1
- v1.0.3: PHP ^7.1.3
- v1.0.4: PHP ^7.1.3|^8.0

### Community

Maintainers: [snebes](/maintainers/snebes)

Top Contributors:

- [tgalopin](https://github.com/tgalopin) (65 commits)
- [snebes](https://github.com/snebes) (61 commits)
- [vradev-ph](https://github.com/vradev-ph) (3 commits)
- [javiereguiluz](https://github.com/javiereguiluz) (1 commits)
- [paragonie-security](https://github.com/paragonie-security) (1 commits)

### Code Quality

Tests: PHPUnit

