ipedis/file-sanitizer

There is no license information available for the latest version (2.1.0) of this package.

Library for sanitizing HTML and XML files

Package info

github.com/ipedis/file-sanitizer

pkg:composer/ipedis/file-sanitizer

Statistics

Installs: 27

Dependents: 1

Suggesters: 0

Stars: 0

Open Issues: 0

2.1.0 2026-02-04 06:30 UTC

This package is auto-updated.

Last update: 2026-04-27 05:11:42 UTC


README

Pipeline-based HTML and XML sanitizer for PHP. Removes script tags, event handlers, PHP tags, CDATA injections, and other XSS vectors through a configurable chain of cleanup steps.

Installation

composer require ipedis/file-sanitizer

Quick Start

use Ipedis\FileSanitizer\Sanitizer\Sanitize;

$sanitizer = new Sanitize(type: 'html');
$result = $sanitizer->process('<div onclick="alert(1)"><script>evil()</script>Hello</div>');

echo $result->getContent(); // <div>Hello</div>

XML sanitization

$sanitizer = new Sanitize(type: 'xml');
$result = $sanitizer->process($xmlContent);

Custom configuration

use Ipedis\FileSanitizer\Configuration\Configuration;
use Ipedis\FileSanitizer\Pipeline\Steps\PhpTagCleanupStep;
use Ipedis\FileSanitizer\Sanitizer\Sanitize;

// Skip specific steps (here the PHP tag cleanup is not run)
$config = new Configuration(
    ignoredSteps: [PhpTagCleanupStep::class],
);

$sanitizer = new Sanitize(type: 'html', configuration: $config);

Custom cleanup steps

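use Ipedis\FileSanitizer\Configuration\Configuration;
use Ipedis\FileSanitizer\Pipeline\Payload;
use Ipedis\FileSanitizer\Pipeline\Steps\CleanupStepAbstract;
use Ipedis\FileSanitizer\Sanitizer\Sanitize;

class MyCustomStep extends CleanupStepAbstract
{
    protected function process(Payload $payload): Payload
    {
        // Replace '/pattern/' with the expression for the content this step strips.
        $content = preg_replace('/pattern/', '', $payload->getContent());
        if ($content === null) {
            // preg_replace() returns null on a PCRE error; fail closed instead of passing content on unchecked.
            throw new \RuntimeException('MyCustomStep: ' . preg_last_error_msg());
        }

        return $payload->setContent($content);
    }
}

// Register the custom step through the configuration
$config = new Configuration(customSteps: [MyCustomStep::class]);
$sanitizer = new Sanitize(type: 'html', configuration: $config);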

Cleanup Steps

HTML pipeline

| Step | What it removes |
|------|-----------------|
| DecodeTagCleanupStep | Decodes HTML entities (&lt;script&gt; → <script>) |
| PhpTagCleanupStep | PHP tags (<?php, <?, ?>) |
| ScriptTagCleanupStep | <script> blocks |
| AttributeCleanupStep | Event handlers (onclick, onerror...) and javascript: URLs |
| StyleTagCleanupStep | <style> blocks containing JavaScript |
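
A regression check for the HTML pipeline, added here as an example and not part of the package: it runs constructed samples of the vectors named in the table through the sanitizer, then re-parses the output with PHP's DOM extension to confirm nothing active survived. The `findActiveContent()` helper, the sample strings and the `vendor/autoload.php` path are assumptions; the `Sanitize` calls are the ones shown in Quick Start.

```php
<?php
// Added example, not part of ipedis/file-sanitizer.
require __DIR__ . '/vendor/autoload.php'; // assumption: package installed with Composer
use Ipedis\FileSanitizer\Sanitizer\Sanitize;

// Hypothetical helper: re-parse sanitized output with ext-dom and list anything
// still active. Returns string[]; an empty array means nothing was detected.
function findActiveContent(string $html): array
{
    $findings = [];
    if (str_contains($html, '<?')) {
        $findings[] = 'PHP open tag';
    }
    libxml_use_internal_errors(true); // tolerate sloppy markup without warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<body>' . $html . '</body>', LIBXML_NONET);
    $xpath = new DOMXPath($doc);
    if ($xpath->query('//script')->length > 0) {
        $findings[] = 'script element';
    }
    foreach ($xpath->query('//@*') as $attr) {
        $name = strtolower($attr->nodeName);
        // Browsers ignore whitespace and control characters inside a URL scheme.
        $value = strtolower((string) preg_replace('/[\x00-\x20]+/', '', $attr->nodeValue));
        if (str_starts_with($name, 'on')) {
            $findings[] = "event handler attribute {$name}";
        } elseif (str_starts_with($value, 'javascript:')) {
            $findings[] = "javascript: URL in {$name}";
        }
    }
    return $findings;
}

// Constructed samples, one per vector named in the HTML pipeline table.
$samples = [
    'script block'   => '<div><script>evil()</script>Hello</div>',
    'event handler'  => '<div onclick="alert(1)">Hello</div>',
    'encoded script' => '<p>&lt;script&gt;evil()&lt;/script&gt;Hello</p>',
    'javascript URL' => '<a href="javascript:alert(1)">Hello</a>',
    'PHP tag'        => '<p><?php echo 1; ?>Hello</p>',
];
$sanitizer = new Sanitize(type: 'html');
$failed = 0;
foreach ($samples as $label => $input) {
    $findings = findActiveContent($sanitizer->process($input)->getContent());
    $failed += $findings === [] ? 0 : 1;
    printf("%-15s %s\n", $label, $findings === [] ? 'clean' : 'FAIL: ' . implode(', ', $findings));
}
exit($failed === 0 ? 0 : 1);
```

The script exits non-zero when any sample still carries active content, so it can run as a CI gate after changing `ignoredSteps` or adding custom steps.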

XML pipeline

| Step | What it removes |
|------|-----------------|
| DecodeTagCleanupStep | Decodes HTML entities |
| CdataTagCleanupStep | CDATA injection patterns |
| ScriptTagCleanupStep | <script> blocks |

Compatibility

PHP Status
8.2
8.3
8.4
8.5

Local Development

Requires Docker.

make up        # Start container
make install   # Install dependencies
make qa        # Run full QA suite (rector + pint + phpstan + tests)

Available targets:

| Command | Description |
|---------|-------------|
| make up | Start container |
| make down | Stop container |
| make install | Install Composer dependencies |
| make update | Update Composer dependencies |
| make test | Run PHPUnit tests |
| make phpstan | Run static analysis (level max) |
| make pint | Fix code style (PSR-12) |
| make rector | Run automated refactoring |
| make qa | Run all checks |
| make shell | Open container shell |

Disclaimer

This package is maintained by Ipedis. It is provided as-is under the terms of its license.