{"id":13539237,"url":"https://github.com/voku/anti-xss","last_synced_at":"2025-05-13T21:06:30.496Z","repository":{"id":28580500,"uuid":"32098440","full_name":"voku/anti-xss","owner":"voku","description":"㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP","archived":false,"fork":false,"pushed_at":"2025-04-15T10:39:30.000Z","size":1885,"stargazers_count":688,"open_issues_count":32,"forks_count":107,"subscribers_count":31,"default_branch":"master","last_synced_at":"2025-04-25T15:23:51.603Z","etag":null,"topics":["composer","hacktoberfest","html-character","php","xss","xss-attacks"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voku.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["voku"],"patreon":"voku","open_collective":"anti-xss","tidelift":"packagist/voku/anti-xss","custom":"https://www.paypal.me/moelleken"}},"created_at":"2015-03-12T19:45:11.000Z","updated_at":"2025-04-23T22:37:32.000Z","dependencies_parsed_at":"2023-09-27T15:55:36.255Z","dependency_job_id":"fe89560f-1ed0-4b4d-b51d-b6c50ab24b39","html_url":"https://github.com/voku/anti-xss","commit_stats":{"total_commits":478,"total_committers":20,"mean_commits":23.9,"dds":0.7029288702928871,"last_synced_commit":"25a3cf6a6d2e43b7aa4dd08f7c633ad544484643"},"previous_names":[],"tags_count":106,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voku%2Fanti-xss","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voku%2Fanti-xss/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voku%2Fanti-xss/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voku%2Fanti-xss/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voku","download_url":"https://codeload.github.com/voku/anti-xss/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251073634,"owners_count":21532009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["composer","hacktoberfest","html-character","php","xss","xss-attacks"],"created_at":"2024-08-01T09:01:22.179Z","updated_at":"2025-04-28T12:16:45.637Z","avatar_url":"https://github.com/voku.png","language":"PHP","funding_links":["https://github.com/sponsors/voku","https://patreon.com/voku","https://opencollective.com/anti-xss","https://tidelift.com/funding/github/packagist/voku/anti-xss","https://www.paypal.me/moelleken","https://www.patreon.com/voku","https://paypal.me/moelleken","https://www.patreon.com/voku/posts"],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Table of Contents","PHP","安全( Security )"],"sub_categories":["\u003ca id=\"5d7191f01544a12bdaf1315c3e986dff\"\u003e\u003c/a\u003eXSS\u0026\u0026XXE","Security","Globalization"],"readme":"[//]: # (AUTO-GENERATED BY \"PHP README Helper\": base file -\u003e docs/base.md)\n[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)\n\n[![Build Status](https://github.com/voku/anti-xss/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/voku/anti-xss/actions)\n[![codecov.io](http://codecov.io/github/voku/anti-xss/coverage.svg?branch=master)](http://codecov.io/github/voku/anti-xss?branch=master)\n[![Codacy Badge](https://api.codacy.com/project/badge/Grade/8e3c9da417124971b8d8e0c1046c24c7)](https://www.codacy.com/app/voku/anti-xss)\n[![Latest Stable Version](https://poser.pugx.org/voku/anti-xss/v/stable)](https://packagist.org/packages/voku/anti-xss) \n[![Total Downloads](https://poser.pugx.org/voku/anti-xss/downloads)](https://packagist.org/packages/voku/anti-xss)\n[![License](https://poser.pugx.org/voku/anti-xss/license)](https://packagist.org/packages/voku/anti-xss)\n[![Donate to this project using Paypal](https://img.shields.io/badge/paypal-donate-yellow.svg)](https://www.paypal.me/moelleken)\n[![Donate to this project using Patreon](https://img.shields.io/badge/patreon-donate-yellow.svg)](https://www.patreon.com/voku)\n\n# :secret: AntiXSS\n\n\"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables \nattackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be \nused by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites \naccounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.\" - http://en.wikipedia.org/wiki/Cross-site_scripting\n\n### DEMO:\n[http://anti-xss-demo.suckup.de/](http://anti-xss-demo.suckup.de/)\n\n### NOTES:\n1) Use [filter_input()](http://php.net/manual/de/function.filter-input.php) - don't use GLOBAL-Array (e.g. $_SESSION, $_GET, $_POST, $_SERVER) directly\n\n2) Use [html-sanitizer](https://github.com/tgalopin/html-sanitizer) or [HTML Purifier](http://htmlpurifier.org/) if you need a more configurable solution\n\n3) Add \"Content Security Policy's\" -\u003e [Introduction to Content Security Policy](http://www.html5rocks.com/en/tutorials/security/content-security-policy/)\n\n4) DO NOT WRITE YOUR OWN REGEX TO PARSE HTML!\n\n5) READ THIS TEXT -\u003e [XSS (Cross Site Scripting) Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)\n\n6) TEST THIS TOOL -\u003e [Zed Attack Proxy (ZAP)](https://github.com/zaproxy/zaproxy)\n\n### Install via \"composer require\"\n```shell\ncomposer require voku/anti-xss\n```\n\n### Usage:\n\n```php\n\nuse voku\\helper\\AntiXSS;\n\nrequire_once __DIR__ . '/vendor/autoload.php'; // example path\n\n$antiXss = new AntiXSS();\n```\n\nExample 1: (HTML Character)\n\n```php\n$harm_string = \"Hello, i try to \u003cscript\u003ealert('Hack');\u003c/script\u003e your site\";\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n\n// Hello, i try to alert\u0026#40;'Hack'\u0026#41;; your site\n```\n\nExample 2: (Hexadecimal HTML Character)\n\n```php\n$harm_string = \"\u003cIMG SRC=\u0026#x6A\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x70\u0026#x74\u0026#x3A\u0026#x61\u0026#x6C\u0026#x65\u0026#x72\u0026#x74\u0026#x28\u0026#x27\u0026#x58\u0026#x53\u0026#x53\u0026#x27\u0026#x29\u003e\";\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n    \n// \u003cIMG \u003e\n```\n    \nExample 3: (Unicode Hex Character)\n\n```php\n$harm_string = \"\u003ca href='\u0026#x2000;javascript:alert(1)'\u003eCLICK\u003c/a\u003e\";\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n    \n// \u003ca \u003eCLICK\u003c/a\u003e\n```\n\nExample 4: (Unicode Character)\n\n```php\n$harm_string = \"\u003ca href=\\\"\\u0001java\\u0003script:alert(1)\\\"\u003eCLICK\u003ca\u003e\";\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n    \n// \u003ca \u003eCLICK\u003c/a\u003e\n```\n\nExample 5.1: (non Inline CSS)\n\n```php\n$harm_string = '\u003cli style=\"list-style-image: url(javascript:alert(0))\"\u003e';\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n\n// \u003cli \u003e\n```\n\nExample 5.2: (with Inline CSS)\n\n```php\n$harm_string = '\u003cli style=\"list-style-image: url(javascript:alert(0))\"\u003e';\n$antiXss-\u003eremoveEvilAttributes(array('style')); // allow style-attributes\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n\n// \u003cli style=\"list-style-image: url(alert\u0026#40;0\u0026#41;)\"\u003e\n```\n\nExample 6: (check if an string contains a XSS attack)\n\n```php\n$harm_string = \"\\x3cscript src=http://www.example.com/malicious-code.js\\x3e\\x3c/script\\x3e\";\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n\n// \n\n$antiXss-\u003eisXssFound(); \n\n// true\n```\n\nExample 7: (allow e.g. iframes)\n\n```php\n$harm_string = \"\u003ciframe width=\"560\" onclick=\"alert('xss')\" height=\"315\" src=\"https://www.youtube.com/embed/foobar?rel=0\u0026controls=0\u0026showinfo=0\" frameborder=\"0\" allowfullscreen\u003e\u003c/iframe\u003e\";\n\n$antiXss-\u003eremoveEvilHtmlTags(array('iframe'));\n\n$harmless_string = $antiXss-\u003exss_clean($harm_string);\n\n// \u003ciframe width=\"560\"  height=\"315\" src=\"https://www.youtube.com/embed/foobar?rel=0\u0026controls=0\u0026showinfo=0\" frameborder=\"0\" allowfullscreen\u003e\u003c/iframe\u003e\n```\n\n\n### Unit Test:\n\n1) [Composer](https://getcomposer.org) is a prerequisite for running the tests.\n\n```\ncomposer install\n```\n\n2) The tests can be executed by running this command from the root directory:\n\n```bash\n./vendor/bin/phpunit\n```\n\n## AntiXss methods\n\n\u003cp id=\"voku-php-readme-class-methods\"\u003e\u003c/p\u003e\u003ctable\u003e\u003ctr\u003e\u003ctd\u003e\u003ca href=\"#adddonotclosehtmltagsstring-strings-this\"\u003eaddDoNotCloseHtmlTags\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#addevilattributesstring-strings-this\"\u003eaddEvilAttributes\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#addevilhtmltagsstring-strings-this\"\u003eaddEvilHtmlTags\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#addneverallowedcallstringsstring-strings-this\"\u003eaddNeverAllowedCallStrings\u003c/a\u003e\n\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003ca href=\"#addneverallowedjscallbackregexstring-strings-this\"\u003eaddNeverAllowedJsCallbackRegex\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#addneverallowedoneventsafterwardsstring-strings-this\"\u003eaddNeverAllowedOnEventsAfterwards\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#addneverallowedregexstring-strings-this\"\u003eaddNeverAllowedRegex\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#addneverallowedstrafterwardsstring-strings-this\"\u003eaddNeverAllowedStrAfterwards\u003c/a\u003e\n\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003ca href=\"#isxssfound-boolnull\"\u003eisXssFound\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#removedonotclosehtmltagsstring-strings-this\"\u003eremoveDoNotCloseHtmlTags\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#removeevilattributesstring-strings-this\"\u003eremoveEvilAttributes\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#removeevilhtmltagsstring-strings-this\"\u003eremoveEvilHtmlTags\u003c/a\u003e\n\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003ca href=\"#removeneverallowedcallstringsstring-strings-this\"\u003eremoveNeverAllowedCallStrings\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#removeneverallowedjscallbackregexstring-strings-this\"\u003eremoveNeverAllowedJsCallbackRegex\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#removeneverallowedoneventsafterwardsstring-strings-this\"\u003eremoveNeverAllowedOnEventsAfterwards\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#removeneverallowedregexstring-strings-this\"\u003eremoveNeverAllowedRegex\u003c/a\u003e\n\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003ca href=\"#removeneverallowedstrafterwardsstring-strings-this\"\u003eremoveNeverAllowedStrAfterwards\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#setreplacementstring-string-this\"\u003esetReplacement\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#setstripe4bytecharsbool-bool-this\"\u003esetStripe4byteChars\u003c/a\u003e\n\u003c/td\u003e\u003ctd\u003e\u003ca href=\"#xss_cleanstringstring-str-stringstring\"\u003exss_clean\u003c/a\u003e\n\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\n\n## addDoNotCloseHtmlTags(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_do_not_close_html_tags\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## addEvilAttributes(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_evil_attributes\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## addEvilHtmlTags(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_evil_html_tags\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## addNeverAllowedCallStrings(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_never_allowed_call_strings\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## addNeverAllowedJsCallbackRegex(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_never_allowed_js_callback_regex\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## addNeverAllowedOnEventsAfterwards(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_never_allowed_on_events_afterwards\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## addNeverAllowedRegex(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_never_allowed_regex\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## addNeverAllowedStrAfterwards(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nAdd some strings to the \"_never_allowed_str_afterwards\"-array.\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## isXssFound(): bool|null\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nCheck if the \"AntiXSS-\u003exss_clean()\"-method found an XSS attack in the last run.\n\n**Parameters:**\n__nothing__\n\n**Return:**\n- `bool|null \u003cp\u003eWill return null if the \"xss_clean()\" wasn't running at all.\u003c/p\u003e`\n\n--------\n\n## removeDoNotCloseHtmlTags(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_do_not_close_html_tags\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## removeEvilAttributes(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_evil_attributes\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## removeEvilHtmlTags(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_evil_html_tags\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## removeNeverAllowedCallStrings(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_never_allowed_call_strings\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## removeNeverAllowedJsCallbackRegex(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_never_allowed_js_callback_regex\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## removeNeverAllowedOnEventsAfterwards(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_never_allowed_on_events_afterwards\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## removeNeverAllowedRegex(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_never_allowed_regex\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## removeNeverAllowedStrAfterwards(string[] $strings): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nRemove some strings from the \"_never_allowed_str_afterwards\"-array.\n\n\u003cp\u003e\n\u003cbr /\u003e\nWARNING: Use this method only if you have a really good reason.\n\u003c/p\u003e\n\n**Parameters:**\n- `string[] $strings`\n\n**Return:**\n- `$this`\n\n--------\n\n## setReplacement(string $string): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nSet the replacement-string for not allowed strings.\n\n**Parameters:**\n- `string $string`\n\n**Return:**\n- `$this`\n\n--------\n\n## setStripe4byteChars(bool $bool): $this\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nSet the option to stripe 4-Byte chars.\n\n\u003cp\u003e\n\u003cbr /\u003e\nINFO: use it if your DB (MySQL) can't use \"utf8mb4\" -\u003e preventing stored XSS-attacks\n\u003c/p\u003e\n\n**Parameters:**\n- `bool $bool`\n\n**Return:**\n- `$this`\n\n--------\n\n## xss_clean(string|string[] $str): string|string[]\n\u003ca href=\"#voku-php-readme-class-methods\"\u003e↑\u003c/a\u003e\nXSS Clean\n\n\u003cp\u003e\n\u003cbr /\u003e\nSanitizes data so that \"Cross Site Scripting\" hacks can be\nprevented. This method does a fair amount of work but\nit is extremely thorough, designed to prevent even the\nmost obscure XSS attempts. But keep in mind that nothing\nis ever 100% foolproof...\n\u003c/p\u003e\n\n\u003cp\u003e\n\u003cbr /\u003e\n\u003cstrong\u003eNote:\u003c/strong\u003e Should only be used to deal with data upon submission.\n  It's not something that should be used for general\n  runtime processing.\n\u003c/p\u003e\n\n**Parameters:**\n- `TXssCleanInput $str \u003cp\u003einput data e.g. string or array of strings\u003c/p\u003e`\n\n**Return:**\n- `string|string[]`\n\n--------\n\n\n### Support\n\nFor support and donations please visit [Github](https://github.com/voku/anti-xss/) | [Issues](https://github.com/voku/anti-xss/issues) | [PayPal](https://paypal.me/moelleken) | [Patreon](https://www.patreon.com/voku).\n\nFor status updates and release announcements please visit [Releases](https://github.com/voku/anti-xss/releases) | [Twitter](https://twitter.com/suckup_de) | [Patreon](https://www.patreon.com/voku/posts).\n\nFor professional support please contact [me](https://about.me/voku).\n\n### Thanks\n\n- Thanks to [GitHub](https://github.com) (Microsoft) for hosting the code and a good infrastructure including Issues-Managment, etc.\n- Thanks to [IntelliJ](https://www.jetbrains.com) as they make the best IDEs for PHP and they gave me an open source license for PhpStorm!\n- Thanks to [Travis CI](https://travis-ci.com/) for being the most awesome, easiest continous integration tool out there!\n- Thanks to [StyleCI](https://styleci.io/) for the simple but powerfull code style check.\n- Thanks to [PHPStan](https://github.com/phpstan/phpstan) \u0026\u0026 [Psalm](https://github.com/vimeo/psalm) for relly great Static analysis tools and for discover bugs in the code!\n\n### License\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fvoku%2Fanti-xss.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fvoku%2Fanti-xss?ref=badge_large)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoku%2Fanti-xss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoku%2Fanti-xss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoku%2Fanti-xss/lists"}