mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-09-19 10:45:18 +00:00

Standards compliant HTML filter written in PHP. http://htmlpurifier.org

Go to file

Mateusz Turcza 3bdc031224 Add %HTML.Forms config directive (#260 ) The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted value. This adds support for form elements without enabling other unsafe modules, such as Scripts, Iframe or Object. To achieve the same effect without this directive one has to explicitly list all enabled modules in %HTML.AllowedModules, and any not listed will be removed. This however is not very convenient, as the allowed modules may vary between doctypes. Resolves #213.		2020-06-28 20:26:33 -04:00
art	[2.0.1] Implement haphazard error collection for AttrValidator.	2007-06-27 02:03:15 +00:00
benchmarks	.htaccess support apache 2.4+ (#190 )	2018-11-11 14:55:13 -05:00
configdoc	Add %HTML.Forms config directive (#260 )	2020-06-28 20:26:33 -04:00
docs	Supported hundreds of nested HTML (#202 )	2019-07-14 13:15:31 -04:00
extras	Quarantine __autoload defs for PHP 7.2 compat	2017-12-30 00:23:05 -05:00
library	Add %HTML.Forms config directive (#260 )	2020-06-28 20:26:33 -04:00
maintenance	Replace flush.php with a shell script, to appease #192	2018-11-11 17:04:11 -05:00
plugins	Supported hundreds of nested HTML (#202 )	2019-07-14 13:15:31 -04:00
smoketests	Mod: using stdClass instead of stdclass	2017-06-02 09:55:46 +08:00
tests	Add %HTML.Forms config directive (#260 )	2020-06-28 20:26:33 -04:00
.gitattributes	Exclude more resources from the distribution package (#257 )	2020-06-06 10:29:01 -04:00
.gitignore	Improve gitignore.	2013-10-13 00:18:11 -07:00
.travis.yml	Add support for stable php 7.4 (#242 )	2020-01-02 06:58:15 -05:00
composer.json	Exclude language classes from autoloader optimization (#236 )	2019-10-31 13:42:00 -04:00
CREDITS	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00
Doxyfile	Release 4.12.0	2019-10-27 23:44:26 -04:00
INSTALL	Delete references to PHP 5.1 in INSTALL.	2018-11-11 16:56:06 -05:00
INSTALL.fr.utf8	Update PHP version in INSTALL (#195 )	2018-10-23 20:03:41 -04:00
LICENSE	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00
NEWS	Release 4.12.0	2019-10-27 23:44:26 -04:00
package.php	Add doxygen doc scripts, and fix package.php	2009-07-08 22:11:15 -04:00
phpdoc.ini	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00
README.md	Suggest stable Composer installation (#179 )	2018-06-09 22:44:20 -04:00
test-settings.sample.php	Update to work with Git version of SimpleTest.	2016-03-24 00:08:03 -07:00
test-settings.travis.php	Travis support.	2016-10-27 02:00:47 -07:00
TODO	Release 4.8.0	2016-07-16 05:58:58 -07:00
update-for-release	Release 4.11.0	2019-07-14 14:58:38 -04:00
VERSION	Release 4.12.0	2019-10-27 23:44:26 -04:00
WHATSNEW	Release 4.12.0	2019-10-27 23:44:26 -04:00
WYSIWYG	Add vim modelines to all files.	2008-12-06 04:24:59 -05:00

README.md

HTML Purifier

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

Places to go:

See INSTALL for a quick installation guide
See docs/ for developer-oriented documentation, code examples and an in-depth installation guide.
See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/

Installation

Package available on Composer.

If you're using Composer to manage dependencies, you can use

$ composer require ezyang/htmlpurifier