Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

HTML Purifier

2,791 sites Security covered
View on drupal.org

HTML Purifier is a library that cleans HTML content to remove malicious code like XSS and ensure it's standards-compliant. It can be configured to allow or restrict specific HTML elements and attributes, making it a more robust alternative to Drupal's built-in filtering.

HTML Purifier is a standards-compliant HTML filter library. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

HTML Purifier is very tasty when combined with WYSIWYG editors and is more comprehensive, standards-compliant, permissive and extensive than Drupal's built-in filtered HTML option, which uses a derivative of kses. You can read more about it at this comparison page. Want custom fonts, tables, inline styling, images, and more? Want just a restricted tag set but bullet-proof standards-compliant output? HTML Purifier is for you!

The HTML Purifier module is licensed under GPL v2 or later, however, the HTML Purifier library itself is licensed under LGPL v2.1 or later.

Want to give it a test drive? Try it out on simplytest.me.

Install the module using composer:
composer require 'drupal/htmlpurifier:^1.0'

Enable it and configure the filter for each text format in Administration - Configuration - Text formats and editors (admin/config/content/formats).

You can use the HTML Purifier Configuration Documentation as reference to learn and edit the configuration settings available in YAML format within the filter settings form textarea.

Activity

Total releases
1
First release
Dec 2024
Latest release
1 year ago
Releases (12 mo)
0 ▼ from 1
Maintenance
Dormant

Releases

Version Type Release date
8.x-1.2 Stable Dec 12, 2024