aimeos/sanitizer
Permissive sanitizer removing potentially dangerous content
Maintainers
0.4
2026-06-13 08:37 UTC
Requires
- php: ^8.0
- masterminds/html5: ^2.9
Requires (Dev)
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^10.0 || ^11.0
Suggests
None
Provides
None
Conflicts
None
Replaces
None
LGPL-2.1+ 8113646929f2a87dbf783c0f1f095c8e2d6d97a5
This package is auto-updated.
Last update: 2026-06-13 08:38:03 UTC
README
Permissive sanitizer removing potentially dangerous content.
Installation
composer req aimeos/sanitizer
Usage
$input = ' <svg><circle cx="50" cy="50" r="40" /></svg> <script>alert(1)</script> <a href="javascript:alert(2)" style="color:red;" onclick="alert(3)">Click me</a> <img src="data:image/png;base64,..." /> '; echo \Aimeos\Sanitizer\Sane::html( $input ); // Output: <a>Click me</a><img>
Specification
HTML
Removes these potential dangerous content:
- Elements: 'embed', 'frame', 'iframe', 'object', 'script', 'svg'
- Attributes: All that can execute code
- URI schemes: 'javascript', 'data', 'vbscript', 'file', 'filesystem', 'blob'
- IDs and names: Names used for global JS objects