PHPackages xemlock/htmlpurifier-html5 - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. xemlock/htmlpurifier-html5 ActiveLibrary[Validation & Sanitization](/categories/validation) xemlock/htmlpurifier-html5 ========================== HTML5 support for HTML Purifier v0.1.12(3mo ago)1052.9M—2.3%14[1 issues](https://github.com/xemlock/htmlpurifier-html5/issues)11MITPHPPHP >=5.3CI passing Since Feb 18Pushed 3mo ago9 watchersCompare [ Source](https://github.com/xemlock/htmlpurifier-html5)[ Packagist](https://packagist.org/packages/xemlock/htmlpurifier-html5)[ Docs](https://github.com/xemlock/htmlpurifier-html5)[ RSS](/packages/xemlock-htmlpurifier-html5/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (4)Versions (18)Used By (11) HTML5 Definitions for HTML Purifier =================================== [](#html5-definitions-for-html-purifier) [![Build Status](https://github.com/xemlock/htmlpurifier-html5/workflows/build/badge.svg)](https://github.com/xemlock/htmlpurifier-html5/actions?query=workflow/build)[![Coverage Status](https://camo.githubusercontent.com/f1c1bd483771e80aa41704640561b8376a2d53528693f8a8ec69456e1b66e29d/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f78656d6c6f636b2f68746d6c70757269666965722d68746d6c352f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/xemlock/htmlpurifier-html5?branch=master)[![Latest Stable Version](https://camo.githubusercontent.com/18cc456f7b75410b3e382709b2366440ec1a2cae04dcef24d9e5d027da146f1e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f78656d6c6f636b2f68746d6c70757269666965722d68746d6c352e737667)](https://packagist.org/packages/xemlock/htmlpurifier-html5)[![Total Downloads](https://camo.githubusercontent.com/7689bb69a3c371f3862e1a76687f1ac2d5db0ce10ef785d7392461156f45e68b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f78656d6c6f636b2f68746d6c70757269666965722d68746d6c352e737667)](https://packagist.org/packages/xemlock/htmlpurifier-html5/stats)[![License](https://camo.githubusercontent.com/7fda2691da114e810d42b961160ef87c318211e6f663adf811621bdbe23faec4/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f78656d6c6f636b2f68746d6c70757269666965722d68746d6c352e737667)](https://packagist.org/packages/xemlock/htmlpurifier-html5) This library provides HTML5 element definitions for [HTML Purifier](https://github.com/ezyang/htmlpurifier), compliant with the [WHATWG spec](https://html.spec.whatwg.org/). It is the most complete HTML5-compliant solution among all based on HTML Purifier. Apart from providing the most extensive set of element definitions, it provides tidy/sanitization rules for transforming the input into a valid HTML5 output. Installation ------------ [](#installation) Install with [Composer](https://getcomposer.org/) by running the following command: ``` composer require xemlock/htmlpurifier-html5 ``` Usage ----- [](#usage) The most basic usage is similar to the original HTML Purifier. Create a HTML5-compatible config using `HTMLPurifier_HTML5Config::createDefault()` factory method, and then pass it to an `HTMLPurifier` instance: ``` $config = HTMLPurifier_HTML5Config::createDefault(); $purifier = new HTMLPurifier($config); $clean_html5 = $purifier->purify($dirty_html5); ``` To modify the config you can either instantiate the config with a configuration array passed to `HTMLPurifier_HTML5Config::create()`, or by calling `set` method on an already existing config instance. For example, to allow `IFRAME`s with Youtube videos you can do the following: ``` $config = HTMLPurifier_HTML5Config::create(array( 'HTML.SafeIframe' => true, 'URI.SafeIframeRegexp' => '%^//www\.youtube\.com/embed/%', )); ``` or equivalently: ``` $config = HTMLPurifier_HTML5Config::createDefault(); $config->set('HTML.SafeIframe', true); $config->set('URI.SafeIframeRegexp', '%^//www\.youtube\.com/embed/%'); ``` Configuration ------------- [](#configuration) Apart from HTML Purifier's built-in [configuration directives](http://htmlpurifier.org/live/configdoc/plain.html), the following new directives are also supported: - **Attr.AllowedInputTypes** Version added: 0.1.12 Type: [Lookup](http://htmlpurifier.org/live/configdoc/plain.html#type-lookup) (or null) Default: `null` List of allowed input types, chosen from the types defined in the spec. By default, the setting is `null`, meaning there is no restriction on allowed types. Empty array means that no explicit `type` attributes are allowed, effectively making all inputs a text inputs. - **HTML.Forms** Version added: 0.1.12 Type: [Boolean](http://htmlpurifier.org/live/configdoc/plain.html#type-bool) Default: `false` Whether or not to permit form elements in the user input, regardless of [%HTML.Trusted](http://htmlpurifier.org/live/configdoc/plain.html#HTML.Trusted) value. Please be very careful when using this functionality, as enabling forms in untrusted documents may allow for phishing attacks. - **HTML.IframeAllowFullscreen** Version added: 0.1.11 Type: [Boolean](http://htmlpurifier.org/live/configdoc/plain.html#type-bool) Default: `false` Whether or not to permit `allowfullscreen` attribute on `iframe` tags. It requires either [%HTML.SafeIframe](http://htmlpurifier.org/live/configdoc/plain.html#HTML.SafeIframe) or [%HTML.Trusted](http://htmlpurifier.org/live/configdoc/plain.html#HTML.Trusted) to be `true`. - **HTML.Link** Version added: 0.1.12 Type: [Boolean](http://htmlpurifier.org/live/configdoc/plain.html#type-bool) Default: `false` Permit the `link` tags in the user input, regardless of [%HTML.Trusted](http://htmlpurifier.org/live/configdoc/plain.html#HTML.Trusted) value. This effectively allows `link` tags without allowing other untrusted elements. If enabled, URIs in `link` tags will not be matched against a whitelist specified in %URI.SafeLinkRegexp (unless %HTML.SafeIframe is also enabled). - **HTML.SafeLink** Version added: 0.1.12 Type: [Boolean](http://htmlpurifier.org/live/configdoc/plain.html#type-bool) Default: `false` Whether to permit `link` tags in untrusted documents. This directive must be accompanied by a whitelist of permitted URIs via %URI.SafeLinkRegexp, otherwise no `link` tags will be allowed. - **HTML.XHTML** Version added: 0.1.12 Type: [Boolean](http://htmlpurifier.org/live/configdoc/plain.html#type-bool) Default: `false` While deprecated in HTML 4.01 / XHTML 1.0 context, in HTML5 it's used for enabling support for namespaced attributes and XML self-closing tags. When enabled it causes `xml:lang` attribute to take precedence over `lang`, when both attributes are present on the same element. - **URI.SafeLinkRegexp** Version added: 0.1.12 Type: [String](http://htmlpurifier.org/live/configdoc/plain.html#type-string) Default: `null` A PCRE regular expression that will be matched against a `` URI. This directive only has an effect if %HTML.SafeLink is enabled. Here are some example values: `%^https?://localhost/%` - Allow localhost URIs Use `Attr.AllowedRel` to control permitted link relationship types. Supported HTML5 elements ------------------------ [](#supported-html5-elements) Aside from HTML elements supported originally by HTML Purifier, this library adds support for the following HTML5 elements: ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, ``, `` as well as HTML5 attributes added to existing HTML elements, such as: ``, ``, ``, ``, `` License ------- [](#license) The MIT License (MIT). See the LICENSE file. ### Health Score 59 — FairBetter than 99% of packages Maintenance81 Actively maintained with recent releases Popularity57 Moderate usage in the ecosystem Community29 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 94.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~273 days Recently: every ~684 days Total 13 Last Release 98d ago PHP version history (2 changes)v0.1.2PHP >=5.2 v0.1.12PHP >=5.3 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/952555?v=4)[Mateusz Turcza](/maintainers/xemlock)[@xemlock](https://github.com/xemlock) --- Top Contributors [![xemlock](https://avatars.githubusercontent.com/u/952555?v=4)](https://github.com/xemlock "xemlock (223 commits)")[![sherbrow](https://avatars.githubusercontent.com/u/1212399?v=4)](https://github.com/sherbrow "sherbrow (5 commits)")[![bytestream](https://avatars.githubusercontent.com/u/1788397?v=4)](https://github.com/bytestream "bytestream (4 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)")[![fossabot](https://avatars.githubusercontent.com/u/29791463?v=4)](https://github.com/fossabot "fossabot (1 commits)")[![codebymikey](https://avatars.githubusercontent.com/u/9484406?v=4)](https://github.com/codebymikey "codebymikey (1 commits)")[![mbrodala](https://avatars.githubusercontent.com/u/5037116?v=4)](https://github.com/mbrodala "mbrodala (1 commits)") --- Tags html-purifierhtml-sanitizerhtml5-definitionshtml5-elementshtmlpurifierphpvalidatorsecurityhtmlPurifierHTML5htmlpurifierxsstidy ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/xemlock-htmlpurifier-html5/health.svg) ``` [![Health](https://phpackages.com/badges/xemlock-htmlpurifier-html5/health.svg)](https://phpackages.com/packages/xemlock-htmlpurifier-html5) ``` ### Alternatives [mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[stevebauman/purify An HTML Purifier / Sanitizer for Laravel 5325.6M19](/packages/stevebauman-purify)[luketowers/purifier Laravel 5 HtmlPurifier Package 3280.0k9](/packages/luketowers-purifier)[stolz/laravel-html-tidy HTML Tidy middleware for Laravel 268.7k](/packages/stolz-laravel-html-tidy)[chrisshick/cakephp3-html-purifier This is a CakePHP3 Purifier Plugin Behavior that cleanses data before it is marshalled into the entity. 12168.1k](/packages/chrisshick-cakephp3-html-purifier) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)