
tgalopin/html-sanitizer
=======================

Sanitize untrustworthy HTML user input

Latest release: 1.5.0 (4y ago). License: MIT. Language: PHP. Requires PHP >=7.1. [20 issues](https://github.com/tgalopin/html-sanitizer/issues), [5 PRs](https://github.com/tgalopin/html-sanitizer/pulls).


html-sanitizer
==============


> This library is deprecated as it was merged into Symfony as the HtmlSanitizer component in Symfony 6.1: [https://symfony.com/doc/current/html\_sanitizer.html](https://symfony.com/doc/current/html_sanitizer.html)


html-sanitizer is a library aiming at handling, cleaning and sanitizing HTML sent by external users (who you cannot trust), allowing you to store it and display it safely. It has sensible defaults to provide a great developer experience while still being entirely configurable.

Internally, the sanitizer has a deep understanding of HTML: it parses the input and creates a tree of DOMNode objects, which it uses to keep only the safe elements from the content. By using this technique, it is safe (it works with a strict whitelist), fast and easily extensible.

It also provides useful features such as the possibility to transform image or iframe URLs to HTTPS.

Symfony integration
-------------------


This library is also available as [a Symfony bundle](https://github.com/tgalopin/html-sanitizer-bundle).

Documentation
-------------


1. [Getting started](https://github.com/tgalopin/html-sanitizer/blob/master/docs/1-getting-started.md)
2. [Creating an extension to allow custom tags](https://github.com/tgalopin/html-sanitizer/blob/master/docs/2-creating-an-extension-to-allow-custom-tags.md)
3. [Configuration reference](https://github.com/tgalopin/html-sanitizer/blob/master/docs/3-configuration-reference.md)
4. [Comparison with HTMLPurifier](https://github.com/tgalopin/html-sanitizer/blob/master/docs/4-comparison-with-htmlpurifier.md)

Security Issues
---------------


If you discover a security vulnerability within the sanitizer, please follow [our disclosure procedure](https://github.com/tgalopin/html-sanitizer/blob/master/docs/A-security-disclosure-procedure.md).

Backward Compatibility promise
------------------------------


This library follows the same Backward Compatibility promise as the Symfony framework:

> *Note*: many classes in this library are either marked `@final` or `@internal`. `@internal` classes are excluded from any Backward Compatibility promise (you should not use them in your code) whereas `@final` classes can be used but should not be extended (use composition instead).

Thanks
------


Many thanks to:

- [The Open Web Application Security Project](https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project), from which many of the tests of this library are extracted (more specifically from [OWASP/java-html-sanitizer](https://github.com/OWASP/java-html-sanitizer));
- [Masterminds/html5-php](https://github.com/Masterminds/html5-php), which is a great HTML5 parser, used by default in this library;
- [The PHP League URI parser](http://uri.thephpleague.com/), which allows this library to filter hosts safely.

