HTML Purifier is a standards-compliant HTML filter library. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

HTML Purifier is very tasty when combined with WYSIWYG editors and is more comprehensive, standards-compliant, permissive and extensive than Drupal's built-in filtered HTML option, which uses a derivative of kses. You can read more about it at this comparison page. Want custom fonts, tables, inline styling, images, and more? Want just a restricted tag set but bullet-proof standards-compliant output? HTML Purifier is for you!

The HTML Purifier module is licensed under GPL v2 or later, however, the HTML Purifier library itself is licensed under LGPL v2.1 or later.

Want to give it a test drive? Try it out on simplytest.me.

Install the module using composer:
composer require 'drupal/htmlpurifier:^1.0'

Enable it and configure the filter for each text format in Administration - Configuration - Text formats and editors (admin/config/content/formats).

You can use the HTML Purifier Configuration Documentation as reference to learn and edit the configuration settings available in YAML format within the filter settings form textarea.

Supporting organizations: 
MTech, LLC
Maintainership

Project information

  • caution Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • caution Maintenance fixes only
    Considered feature-complete by its maintainers.
  • chart icon2,918 sites report using this module
  • Created by ezyang on , updated
  • shieldStable releases for this project are covered by the security advisory policy.
    Look for the shield icon below.

Releases

8.x-1.2 Stable release covered by the Drupal Security Team released 12 December 2024
Works with Drupal: ^10.2 || ^11
Install:

Using Composer to manage Drupal site dependencies