HTML Purifier

Why use HTML Purifier?

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

Know thy enemy

Hackers have a huge arsenal of XSS vectors hidden within the depths of the HTML specification. HTML Purifier is effective because it decomposes the whole document into tokens, removes non-whitelisted elements, checks the well-formedness and nesting of tags, and validates all attributes according to their RFCs. HTML Purifier's comprehensive algorithms are complemented by a breadth of knowledge, ensuring that richly formatted documents pass through unstripped.
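
As an added example (not code from the HTML Purifier project itself), the following PHP script applies the whitelist-driven filtering described above to a constructed piece of untrusted markup; it assumes the library is installed through Composer as ezyang/htmlpurifier and that the Composer autoloader lives at vendor/autoload.php.

```php
<?php
// Added example: filtering untrusted HTML with HTML Purifier.
// Assumption: HTML Purifier is installed via Composer and the
// autoloader is at vendor/autoload.php relative to this script.
require_once __DIR__ . '/vendor/autoload.php';

function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Whitelist: only these elements and attributes survive. Anything
    // not listed (script, onerror=, style=, ...) is dropped, not escaped.
    $config->set('HTML.Allowed',
        'p,br,b,i,em,strong,a[href|title],ul,ol,li,img[src|alt]');

    // Attribute validation: href/src values must use one of these schemes,
    // so javascript: and data: URLs are rejected rather than passed through.
    $config->set('URI.AllowedSchemes',
        ['http' => true, 'https' => true, 'mailto' => true]);

    // Disable the definition cache for this one-off script; a deployment
    // should instead point Cache.SerializerPath at a writable directory.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

function purify_untrusted(string $html): string
{
    static $purifier = null;
    $purifier ??= build_purifier();
    return $purifier->purify($html);
}

// Constructed sample input: legitimate formatting mixed with a
// non-whitelisted element, an event-handler attribute, a javascript:
// URL, and mis-nested / unclosed tags that the filter must repair.
$dirty = '<p>Hello <b>world<i>!</b></i>'
       . '<script>alert(1)</script>'
       . '<img src="x" onerror="alert(2)">'
       . '<a href="javascript:alert(3)" title="t">link</a>'
       . '<ul><li>one<li>two</ul><p>unclosed';

echo "Input:\n", $dirty, "\n\nOutput:\n", purify_untrusted($dirty), "\n";
```

Compare the two printouts: the non-whitelisted element and event handler are gone, the javascript: link loses its href, and the mis-nested and unclosed tags come out as well-formed, properly nested markup.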

To my knowledge, there is nothing else in the wild that offers protection from XSS, standards-compliance, and corrective processing of poorly formed HTML. HTML Purifier is not perfect; it can interact poorly with existing JavaScript on websites, which can introduce vulnerabilities after the fact. However, it is pretty damn good.