{"id":13617462,"url":"https://github.com/tgalopin/html-sanitizer","last_synced_at":"2025-05-15T18:07:59.735Z","repository":{"id":43961768,"uuid":"152134824","full_name":"tgalopin/html-sanitizer","owner":"tgalopin","description":"Sanitize untrustworthy HTML user input","archived":false,"fork":false,"pushed_at":"2022-06-24T11:56:57.000Z","size":267,"stargazers_count":390,"open_issues_count":24,"forks_count":43,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-05-01T23:15:56.931Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tgalopin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-08T19:28:47.000Z","updated_at":"2024-04-18T02:35:21.000Z","dependencies_parsed_at":"2022-09-15T20:12:42.059Z","dependency_job_id":null,"html_url":"https://github.com/tgalopin/html-sanitizer","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tgalopin%2Fhtml-sanitizer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tgalopin%2Fhtml-sanitizer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tgalopin%2Fhtml-sanitizer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tgalopin%2Fhtml-sanitizer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tgalopin","download_url":"https://codeload.github.com/tgalopin/html-sanitizer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"gi
thub","repositories_count":247744332,"owners_count":20988783,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T20:01:42.092Z","updated_at":"2025-04-07T23:08:12.908Z","avatar_url":"https://github.com/tgalopin.png","language":"PHP","funding_links":[],"categories":["PHP","安全( Security )"],"sub_categories":[],"readme":"# html-sanitizer\n\n\u003e This library is deprecated as it was merged into Symfony as the HtmlSanitizer component in Symfony 6.1:\n\u003e https://symfony.com/doc/current/html_sanitizer.html\n\n[![Build Status](https://img.shields.io/travis/tgalopin/html-sanitizer/master.svg?style=flat-square)](https://travis-ci.org/tgalopin/html-sanitizer)\n[![Packagist Version](https://img.shields.io/packagist/v/tgalopin/html-sanitizer.svg?style=flat-square)](https://packagist.org/packages/tgalopin/html-sanitizer)\n[![Software license](https://img.shields.io/github/license/tgalopin/html-sanitizer.svg?style=flat-square)](https://github.com/tgalopin/html-sanitizer/blob/master/LICENSE)\n\n[![SymfonyInsight](https://insight.symfony.com/projects/befd5a5b-574c-4bea-9c4f-3ad202729a1b/big.svg)](https://insight.symfony.com/projects/befd5a5b-574c-4bea-9c4f-3ad202729a1b)\n\nhtml-sanitizer is a library aiming at handling, cleaning and sanitizing HTML sent by external users\n(who you cannot trust), allowing you to store it and display it safely. 
It has sensible defaults\nto provide a great developer experience while still being entirely configurable.\n\nInternally, the sanitizer has a deep understanding of HTML: it parses the input and creates a tree of\nDOMNode objects, which it uses to keep only the safe elements from the content. By using this\ntechnique, it is safe (it works with a strict whitelist), fast and easily extensible.\n\nIt also provides useful features such as the possibility to transform image or iframe URLs to HTTPS.\n\n## Symfony integration\n\nThis library is also available as [a Symfony bundle](https://github.com/tgalopin/html-sanitizer-bundle).\n\n## Documentation\n\n1. [Getting started](https://github.com/tgalopin/html-sanitizer/blob/master/docs/1-getting-started.md)\n2. [Creating an extension to allow custom tags](https://github.com/tgalopin/html-sanitizer/blob/master/docs/2-creating-an-extension-to-allow-custom-tags.md)\n3. [Configuration reference](https://github.com/tgalopin/html-sanitizer/blob/master/docs/3-configuration-reference.md)\n4. 
[Comparison with HTMLPurifier](https://github.com/tgalopin/html-sanitizer/blob/master/docs/4-comparison-with-htmlpurifier.md)\n\n## Security Issues\n\nIf you discover a security vulnerability within the sanitizer, please follow\n[our disclosure procedure](https://github.com/tgalopin/html-sanitizer/blob/master/docs/A-security-disclosure-procedure.md).\n\n## Backward Compatibility promise\n\nThis library follows the same Backward Compatibility promise as the Symfony framework:\n[https://symfony.com/doc/current/contributing/code/bc.html](https://symfony.com/doc/current/contributing/code/bc.html)\n\n\u003e *Note*: many classes in this library are either marked `@final` or `@internal`.\n\u003e `@internal` classes are excluded from any Backward Compatibility promise (you should not use them in your code)\n\u003e whereas `@final` classes can be used but should not be extended (use composition instead).\n\n## Thanks\n\nMany thanks to:\n- [The Open Web Application Security Project](https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project) \n  from which many of the tests of this library are extracted (more specifically from\n  [OWASP/java-html-sanitizer](https://github.com/OWASP/java-html-sanitizer)) ;\n- [Masterminds/html5-php](https://github.com/Masterminds/html5-php) which is a great HTML5 parser, used by default\n  in this library ;\n- [The PHP League URI parser](http://uri.thephpleague.com/) which allows this library to filter hosts safely ;\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftgalopin%2Fhtml-sanitizer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftgalopin%2Fhtml-sanitizer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftgalopin%2Fhtml-sanitizer/lists"}