{"id":15115947,"url":"https://github.com/medilies/xssless","last_synced_at":"2025-04-10T10:42:43.456Z","repository":{"id":252060634,"uuid":"839300442","full_name":"medilies/xssless","owner":"medilies","description":"Clean your rich text from XSS threats.","archived":false,"fork":false,"pushed_at":"2024-08-14T13:24:39.000Z","size":218,"stargazers_count":27,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-24T09:38:21.084Z","etag":null,"topics":["cleaner","html","laravel","purifier","sanitizer","xss"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/medilies.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"medilies"}},"created_at":"2024-08-07T10:32:52.000Z","updated_at":"2025-03-22T07:00:38.000Z","dependencies_parsed_at":"2024-09-26T01:50:03.096Z","dependency_job_id":null,"html_url":"https://github.com/medilies/xssless","commit_stats":null,"previous_names":["medilies/xssless"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/medilies%2Fxssless","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/medilies%2Fxssless/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/medilies%2Fxssless/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/medilies%2Fxssless/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/medilies","download_url":"https://codeload.github.com/medilies/xssless/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248199809,"owners_count":21063764,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cleaner","html","laravel","purifier","sanitizer","xss"],"created_at":"2024-09-26T01:44:05.743Z","updated_at":"2025-04-10T10:42:43.436Z","avatar_url":"https://github.com/medilies.png","language":"PHP","funding_links":["https://github.com/sponsors/medilies"],"categories":["PHP"],"sub_categories":[],"readme":"# Clean your rich text from XSS threats\n\n[![Latest Version on Packagist](https://img.shields.io/packagist/v/medilies/xssless.svg?style=flat-square)](https://packagist.org/packages/medilies/xssless)\n[![pest](https://img.shields.io/github/actions/workflow/status/medilies/xssless/run-tests.yml?branch=main\u0026label=tests\u0026style=flat-square)](https://github.com/medilies/xssless/actions?query=workflow%3Arun-tests+branch%3Amain)\n[![phpstan](https://img.shields.io/github/actions/workflow/status/medilies/xssless/phpstan.yml?branch=main\u0026label=phpstan\u0026style=flat-square)](https://github.com/medilies/xssless/actions?query=workflow%3A\"phpstan\"+branch%3Amain)\n\u003c!-- [![Total Downloads](https://img.shields.io/packagist/dt/medilies/xssless.svg?style=flat-square)](https://packagist.org/packages/medilies/xssless) --\u003e\n\n![workflow](./workflow.png)\n\n## Why use Xssless\n\n- Your application features a [Rich Text Editor](https://en.wikipedia.org/wiki/Online_rich-text_editor) and you want to prevent all XSS.\n- You want full HTML5 \u0026 CSS3 support.\n- You want to allow all safe HTML elements, their attributes, and CSS properties without going deep into whitelist configs.\n\u003c!-- - [TODO] You want a fluent and an intuitive way to build policies. --\u003e\n\nThe default driver aligns with [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#html-sanitization) recommendations:\n\n\u003e ... OWASP recommends **DOMPurify** for HTML Sanitization.\n\n## Requirements\n\n- PHP \u003e= 8.2\n- ext-json\n- Node \u003e= 18\n- NPM\n\n## Installation\n\nInstall the package via composer:\n\n```bash\ncomposer require medilies/xssless\n```\n\nFor non Laravel projects, pick a config and run the following code:\n\n```php\n$config = new Medilies\\Xssless\\Dompurify\\DompurifyCliConfig('node', 'npm');\n\n(new Medilies\\Xssless\\Xssless)\n    -\u003eusing($config)\n    -\u003esetup();\n```\n\nFor Laravel projects, run the following command:\n\n```shell\nphp artisan xssless:setup\n```\n\n\u003c!-- \u003e [!IMPORTANT]  \n\u003e You may need to re-run the setup when switching drivers. --\u003e\n\n## Usage\n\nUsing `Medilies\\Xssless\\Dompurify\\DompurifyCliConfig`:\n\n```php\n(new Medilies\\Xssless\\Xssless)\n    -\u003eusing(new Medilies\\Xssless\\Dompurify\\DompurifyCliConfig)\n    -\u003eclean($html);\n```\n\nUsing `Medilies\\Xssless\\Dompurify\\DompurifyServiceConfig`:\n\n```php\n$config = new Medilies\\Xssless\\Dompurify\\DompurifyServiceConfig(\n    host: '127.0.0.1', \n    port: 63000\n);\n\n$xssless = (new Medilies\\Xssless\\Xssless)\n    -\u003eusing($config);\n\n/**\n * It is better to have this part in a separate script\n * that runs continuously and independently from your app \n */\n$xssless-\u003estart();\n\n$xssless-\u003eclean($html);\n```\n\n### Laravel usage\n\nYou can publish the config file with:\n\n```bash\nphp artisan vendor:publish --tag=\"xssless-config\"\n```\n\nThis is the contents of the published config file:\n\n```php\nreturn [\n    'default' =\u003e 'dompurify-cli',\n\n    'drivers' =\u003e [\n        'dompurify-cli' =\u003e new DompurifyCliConfig(\n            node: env('NODE_PATH', 'node'), // @phpstan-ignore argument.type\n            npm: env('NPM_PATH', 'npm'), // @phpstan-ignore argument.type\n            binary: null,\n            tempFolder: null,\n        ),\n        \n        'dompurify-service' =\u003e new DompurifyServiceConfig(\n            node: env('NODE_PATH', 'node'), // @phpstan-ignore argument.type\n            npm: env('NPM_PATH', 'npm'), // @phpstan-ignore argument.type\n            host: '127.0.0.1',\n            port: 63000,\n            binary: null,\n        ),\n    ],\n];\n```\n\nRun the following command (Not required by all drivers):\n\n```shell\nphp artisan xssless:start\n```\n\nUse the facade:\n\n```php\nMedilies\\Xssless\\Laravel\\Facades\\Xssless::clean($html);\n```\n\n## Changelog\n\nPlease see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.\n\n## Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) for details.\n\n## Security Vulnerabilities\n\nPlease review [our security policy](../../security/policy) on how to report security vulnerabilities.\n\n## Credits\n\n- [medilies](https://github.com/medilies)\n- [All Contributors](../../contributors)\n\n## License\n\nThe MIT License (MIT). Please see [License File](LICENSE.md) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmedilies%2Fxssless","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmedilies%2Fxssless","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmedilies%2Fxssless/lists"}