mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-03 05:11:52 +00:00

Standards compliant HTML filter written in PHP. http://htmlpurifier.org

Go to file

ABOGADO RAMÓN CERDA QUIROZ 08737979b3 Create SECURITY.md # Security Policy ## Supported Versions Use this section to tell people about which versions of your project are currently being supported with security updates. \| Version \| Supported \| \| ------- \| ------------------ \| \| 5.1.x \| ✅ \| \| 5.0.x \| ❌ \| \| 4.0.x \| ✅ \| \| < 4.0 \| ❌ \| ## Reporting a Vulnerability Use this section to tell people how to report a vulnerability. Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc. ## [SECURITY.md](https://github.com/ezyang/ghstack/files/12756095/SECURITY.md)		2023-09-28 22:46:38 -06:00
.github/workflows	chore: Add support for PHP 8.3 (#382 )	2023-08-24 11:15:30 -04:00
art	[2.0.1] Implement haphazard error collection for AttrValidator.	2007-06-27 02:03:15 +00:00
benchmarks	.htaccess support apache 2.4+ (#190 )	2018-11-11 14:55:13 -05:00
configdoc	Release 4.15.0	2022-09-18 02:23:57 -04:00
docs	Supported hundreds of nested HTML (#202 )	2019-07-14 13:15:31 -04:00
extras	PHP 8.1: fix various deprecations/errors in newest version of PHP (#310 )	2022-04-08 13:48:12 -04:00
library	Don't suggest chmod to 777 (#373 )	2023-04-30 13:55:11 -04:00
maintenance	feat: add semantic release (#307 )	2022-09-18 02:44:00 -04:00
plugins	Supported hundreds of nested HTML (#202 )	2019-07-14 13:15:31 -04:00
smoketests	Run CSSTidy tests on CI (#338 )	2022-09-14 20:55:41 -07:00
tests	fix: Support for locales using decimal separators other than . (dot) (#372 )	2023-04-30 09:30:23 -04:00
.gitattributes	feat: add semantic release (#307 )	2022-09-18 02:44:00 -04:00
.gitignore	Improve gitignore.	2013-10-13 00:18:11 -07:00
composer.json	chore: Add support for PHP 8.3 (#382 )	2023-08-24 11:15:30 -04:00
CREDITS	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00
Doxyfile	Release 4.15.0	2022-09-18 02:23:57 -04:00
INSTALL	Delete references to PHP 5.1 in INSTALL.	2018-11-11 16:56:06 -05:00
INSTALL.fr.utf8	Update PHP version in INSTALL (#195 )	2018-10-23 20:03:41 -04:00
LICENSE	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00
NEWS	Release 4.15.0	2022-09-18 02:23:57 -04:00
package.php	feat: add semantic release (#307 )	2022-09-18 02:44:00 -04:00
phpdoc.ini	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00
README.md	PHP 8 Support (#297 )	2021-07-20 09:40:50 -04:00
release.config.js	fix: semantic release (#341 )	2022-09-20 12:45:11 -04:00
SECURITY.md	Create SECURITY.md	2023-09-28 22:46:38 -06:00
test-settings.sample.php	Run CSSTidy tests on CI (#338 )	2022-09-14 20:55:41 -07:00
TODO	Release 4.8.0	2016-07-16 05:58:58 -07:00
update-for-release	feat: add semantic release (#307 )	2022-09-18 02:44:00 -04:00
VERSION	Release 4.15.0	2022-09-18 02:23:57 -04:00
WYSIWYG	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00

README.md

HTML Purifier

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

Places to go:

See INSTALL for a quick installation guide
See docs/ for developer-oriented documentation, code examples and an in-depth installation guide.
See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/

Installation

Package available on Composer.

If you're using Composer to manage dependencies, you can use

$ composer require ezyang/htmlpurifier