Abandoned · Archived · Library · [Security](/categories/security)

t3g/svg-sanitize-elts7
======================

An SVG sanitizer for PHP

0.15.4.1 (4y ago) · GPL-2.0-or-later · PHP ^5.5 || ^7.0

Since Jun 19 · Pushed 4y ago

[Source](https://github.com/TYPO3GmbH/svg-sanitize-elts7) · [Packagist](https://packagist.org/packages/t3g/svg-sanitize-elts7)

svg-sanitizer
=============

⚠️ **This is an interim package for TYPO3 CMS 7.6 ELTS only, providing changes to be compatible with PHP 5.5! As soon as support for TYPO3 CMS 7.6 ELTS is dropped, this package will be abandoned as well. Using this package in any other scope is not and will not be supported.**

Installation
------------

Either require `t3g/svg-sanitize-elts7` through Composer, or download the repository and include the files manually.

Usage
-----

Using this is fairly easy. Create a new instance of `enshrined\svgSanitize\Sanitizer` and then call its `sanitize` method, passing in your dirty SVG/XML.

**Basic Example**

```php
<?php
// Load Composer's autoloader so the Sanitizer class can be found
require 'vendor/autoload.php';

use enshrined\svgSanitize\Sanitizer;

// Create a new sanitizer instance
$sanitizer = new Sanitizer();

// Load the dirty svg
$dirtySVG = file_get_contents('filthy.svg');

// Pass it to the sanitizer and get it back clean
$cleanSVG = $sanitizer->sanitize($dirtySVG);

// Now do what you want with your clean SVG/XML data
```

Output
------

This will either return a sanitized SVG/XML string or boolean `false` if XML parsing failed (usually due to a badly formatted file).

Options
-------

You may pass your own whitelist of tags and attributes by using the `Sanitizer::setAllowedTags` and `Sanitizer::setAllowedAttrs` methods respectively.

These methods require that you implement the `enshrined\svgSanitize\data\TagInterface` or `enshrined\svgSanitize\data\AttributeInterface`.

Remove remote references
------------------------

You have the option to remove attributes that reference remote files. This stops HTTP leaks but adds overhead to the sanitizer.

This defaults to `false`; set it to `true` to remove remote references.

`$sanitizer->removeRemoteReferences(true);`

Viewing Sanitization Issues
---------------------------

You may use the `getXmlIssues()` method to return an array of issues that occurred during sanitization.

This may be useful for logging or providing feedback to the user on why an SVG was refused.

`$issues = $sanitizer->getXmlIssues();`

Minification
------------

You can minify the XML output by calling `$sanitizer->minify(true);`.
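
An upload-handling sketch that combines the options described above: a custom tag allowlist, remote-reference removal, minification, the `false` return value and `getXmlIssues()`. This is an added example, not code from the package; `IconTags`, `sanitizeSvgUpload()` and the sample SVG are hypothetical, and it assumes `TagInterface` declares a static `getTags()` method. It is written to stay compatible with PHP 5.5.

```php
<?php
require 'vendor/autoload.php'; // assumes a Composer install

use enshrined\svgSanitize\Sanitizer;
use enshrined\svgSanitize\data\TagInterface;

// Narrow allowlist for simple icons (hypothetical class).
// Assumption: TagInterface declares a static getTags() returning tag names.
class IconTags implements TagInterface
{
    public static function getTags()
    {
        return array('svg', 'g', 'path', 'circle', 'rect', 'title');
    }
}

/**
 * Returns the sanitized SVG string, or false if the upload must be rejected.
 */
function sanitizeSvgUpload($dirty, $label)
{
    $sanitizer = new Sanitizer();
    $sanitizer->setAllowedTags(new IconTags());
    $sanitizer->removeRemoteReferences(true); // drop attributes that reference remote files
    $sanitizer->minify(true);

    $clean = $sanitizer->sanitize($dirty);

    // Record whatever the sanitizer reported, for audit or user feedback.
    $issues = $sanitizer->getXmlIssues();
    if (!empty($issues)) {
        error_log('SVG issues in ' . $label . ': ' . json_encode($issues));
    }

    // false means XML parsing failed: reject, never fall back to the original.
    return $clean;
}

// Constructed sample input: an event-handler attribute and a <script> element.
$sample = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
    . '<script>alert(1)</script><path d="M0 0h10v10z"/></svg>';

$result = sanitizeSvgUpload($sample, 'sample.svg');
if ($result === false) {
    echo "rejected\n";
} else {
    echo $result, "\n"; // store or serve only this sanitized copy
}
```

Use a strict comparison (`=== false`) on the return value, and persist only the sanitized string rather than the uploaded bytes.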

Demo
----

There is a demo available at:

WordPress
---------

I've just released a WordPress plugin containing this code so you can sanitize your WordPress uploads. It's available from the WordPress plugin directory:

Drupal
------

[Michael Potter](https://github.com/heyMP) has kindly created a Drupal module for this library which is available at: [https://www.drupal.org/project/svg\_sanitizer](https://www.drupal.org/project/svg_sanitizer)

TYPO3
-----

An integration for TYPO3 CMS of this library is available as composer package `t3g/svg-sanitizer` at [https://github.com/TYPO3GmbH/svg\_sanitizer](https://github.com/TYPO3GmbH/svg_sanitizer)

Tests
-----

You can run these by running `vendor/bin/phpunit` from the base directory of this package.

Standalone scanning of files via CLI
------------------------------------

Thanks to the work by [gudmdharalds](https://github.com/gudmdharalds) there's now a standalone scanner that can be used via the CLI.

Any errors will be output in JSON format. See [the PR](https://github.com/darylldoyle/svg-sanitizer/pull/25) for an example.

Use it as follows: `php svg-scanner.php ~/svgs/myfile.svg`

To-Do
-----

More extensive testing for the SVGs/XML would be lovely, I'll try and add these soon. If you feel like doing it for me, please do and make a PR!

