eyupcanakman/htmlawed

PHP 8.4+ compatible fork of vanilla/htmlawed — a composer wrapper for the htmLawed library to purify & filter HTML.

Maintainers

Package info

github.com/eyupcanakman/htmlawed

pkg:composer/eyupcanakman/htmlawed

Statistics

Installs: 167

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v3.0.0 2026-03-07 11:22 UTC

Requires

  • php: >=8.1

LGPL-3.0 86774b131885e706cc964fe9dabfc56039f9364a

  • Todd Burry <todd.woop@vanillaforums.com>
  • Eyup Can Akman <eyupcanakman.woop@gmail.com>

This package is auto-updated.

Last update: 2026-03-08 12:26:22 UTC

README

PHP 8.4+ compatible fork of vanilla/htmlawed.

A composer wrapper for the htmLawed library to purify & filter HTML.

Why this fork?

The original vanilla/htmlawed (v2.2.15, Sep 2023) is unmaintained and triggers PHP 8.4 deprecation notices due to implicit nullable parameters. These deprecation notices produce output that breaks HTTP headers in API responses.

Changes from vanilla/htmlawed v2.2.15

  • Added explicit nullable type hints to Htmlawed::filter() (?array $config, string|array|null $spec)
  • Added parameter and return types to Htmlawed::filter() and Htmlawed::filterRSS()
  • Bumped minimum PHP requirement to 8.1
  • No changes to the htmLawed core library (htmLawed.php)

Installation

Requires PHP 8.1+.

composer require eyupcanakman/htmlawed

If you're migrating from vanilla/htmlawed:

composer require eyupcanakman/htmlawed
composer remove vanilla/htmlawed

Usage

echo Htmlawed::filter('<h1>Hello world!');
// Outputs: '<h1>Hello world!</h1>'

echo Htmlawed::filter('<i>nothing to see</i><script>alert("xss")</script>');
// Outputs: '<i>nothing to see</i>alert("xss")'

// RSS filtering
echo Htmlawed::filterRSS('<html><body><h1>Hello world!</h1></body></html>');
// Outputs: '<h1>Hello world!</h1>'

See the htmLawed documentation for the full list of config and spec options.

Credits

License

LGPL-3.0 (same as the original package)