HTML Purifier is effective because it decomposes the whole document into tokens and removes non-whitelisted elements, checks the well-formedness and nesting of tags, and validates all attributes according to their s. HTML Purifier's comprehensive algorithms are complemented by a breadth of knowledge, ensuring that richly formatted documents pass through unstripped. To my knowledge, there is nothing else in the wild that offers protection from . To find out more, you can read the Comparison for an analysis of HTML Purifier and the other major filters.
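The filtering stages described above can be seen by running the library over a few inputs. This is an added example, not code from the HTML Purifier project; it assumes the library is installed through Composer (package `ezyang/htmlpurifier`), and the whitelist, the sample strings and the `make_purifier` helper are constructed for illustration.

```php
<?php
// Added example. Assumption: `composer require ezyang/htmlpurifier` has been run
// in this directory, so the Composer autoloader can find the library classes.
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: builds a purifier with a deliberately small whitelist.
function make_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Element and attribute whitelist: anything not listed here is dropped.
    $config->set('HTML.Allowed', 'p,b,i,a[href|title]');
    // Attribute validation: link targets may only use these URI schemes.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Disable the on-disk definition cache so the demo needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Constructed sample input, one case per filtering stage named in the text.
$samples = [
    'non-whitelisted element'   => '<p>Hello<script>alert(1)</script></p>',
    'non-whitelisted attribute' => '<p onclick="alert(1)">Hi</p>',
    'disallowed URI scheme'     => '<a href="javascript:alert(1)">link</a>',
    'allowed link'              => '<a href="https://example.com/" title="ok">link</a>',
    'unclosed tag'              => '<p><b>bold text</p>',
    'invalid nesting'           => '<b><p>block inside inline</p></b>',
];

$purifier = make_purifier();
foreach ($samples as $label => $dirty) {
    // Print each input next to the purified result for side-by-side comparison.
    printf("%-26s %s\n%26s %s\n\n", $label, $dirty, '=>', $purifier->purify($dirty));
}
```

Comparing each input with its purified form shows which stage acted on it: the whitelist, the attribute and URI validation, or the well-formedness and nesting repair.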

HTML Purifier 4.8.0 is a bugfix release, collecting a year of accumulated bug fixes.

In particular, we fixed some minor bugs and now declare full PHP 7 compatibility.

The primary backwards-incompatible change is that HTML Purifier will now add rel="noreferrer" to all links with target attributes (you can disable this with %HTML.TargetNoReferrer). Other changes: new configuration options %CSS. HTML5; border-radius is partially supported when %CSS.Proprietary, and tel URIs are supported by default.

Martin Brampton's new book PHP 5 CMS Framework Development includes a discussion of using HTML Purifier in your content management system.

Notice: Any plugin provided by a third party has not been vetted by us: use them at your own risk. If you are having a problem with the plugin, please consult the plugin author before asking for help here (we'll be more than happy to help, but it might be a problem with the plugin rather than HTML Purifier).

If I've forgotten anyone, drop me a line with a link to both your application and the use of HTML Purifier in your code repository, and I'll add your application to this list.

The following projects package HTML Purifier with their software, but are not up-to-date.

They are putting their userbase at risk of security attacks by not keeping HTML Purifier updated.

If you're a user or developer for these projects, please raise your voice and help to get them fixed!

validate-website is a web crawler that checks markup validity against XML Schema / DTD and reports not-found URLs (more info in doc/validate-website.adoc).

validate-website-static checks the markup validity of your local documents against XML Schema / DTD (more info in doc/validate-website-static.adoc). The HTML5 support is done by using the Web Service, so the content of your webpage is logged by a third party.