承接 tgalopin/html-sanitizer-bundle 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

tgalopin/html-sanitizer-bundle

最新稳定版本:1.4.0

Composer 安装命令:

composer require tgalopin/html-sanitizer-bundle

包简介

Symfony Bundle for https://github.com/tgalopin/html-sanitizer

README 文档

README

Packagist Version Software license

html-sanitizer is a library aiming at handling, cleaning and sanitizing HTML sent by external users (who you cannot trust), allowing you to store it and display it safely. It has sensible defaults to provide a great developer experience while still being entierely configurable.

This repository is a Symfony bundle integrating the html-sanitizer library into Symfony applications. It provides helpful tools on top of the sanitizer to easily use it in Symfony.

Installation

html-sanitizer-bundle requires PHP 7.1+ and Symfony 3.4+.

You can install the bundle using Symfony Flex:

composer require tgalopin/html-sanitizer-bundle

Configuration

You can configure the bundle using the html_sanitizer configuration section:

# config/packages/html_sanitizer.yaml

html_sanitizer:
    default_sanitizer: 'default'
    sanitizers:
        default:
            extensions: ['basic', 'image', 'list']
            tags:
                img:
                    allowed_hosts: ['127.0.0.1', 'mywebsite.com', 'youtube.com']
                    force_https: true
        admin_content:
            extensions: ['basic', 'image', 'list']

As you see, you can have multiple sanitizers available at the same time in your application. Have a look at the library documentation to learn all the available configuration options for the sanitizers themselves.

Usage in services

This bundle provides the configured sanitizer for autowiring using the interface HtmlSanitizer\SanitizerInterface. This autowiring will target the default sanitizer defined in the bundle configuration.

This means that if you are using autowiring, you can simply typehint SanitizerInterface in any of your services to get the default sanitizer:

use HtmlSanitizer\SanitizerInterface;

class MyService
{
    private $sanitizer;
    
    public function __construct(SanitizerInterface $sanitizer)
    {
        $this->sanitizer = $sanitizer;
    }
    
    // ...
}

The same goes for controllers:

use HtmlSanitizer\SanitizerInterface;

class MyController
{
    public function index(SanitizerInterface $sanitizer)
    {
        // ...
    }
}

If you are not using autowiring, you can inject the html_sanitizer service into your services manually to get the default sanitizer.

If you need to access other sanitizers than the default one in your services, you can either:

  1. inject a specific sanitizer by injecting it with your services configuration as html_sanitizer.<santizer-name> (for instance, html_sanitizer.admin_content) ;

  2. use the sanitizers registry by injecting it with your services configuration as html_sanitizer.registry. It is a service locator mapping all the sanitizers available:

use Psr\Container\ContainerInterface;

class MyService
{
    public function __construct(ContainerInterface $sanitizers)
    {
        // $sanitizers->get('admin_content') ...
    }
}

Usage in forms

This applies only if you have installed the Symfony Form component.

The main usage of the html-sanitizer is in combination with forms. This bundle provides a TextType extension which allows you to automatically sanitize HTML of any text field or any field based on the TextType (TextareaType, SearchType, etc.).

To use it in any of your forms, you can use the sanitize_html option:

class MyFormType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('content', TextareaType::class, ['sanitize_html' => true])
        ;
    }
}

To use a different sanitizer than the default one, use the sanitizer option:

class MyFormType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('content', TextareaType::class, ['sanitize_html' => true, 'sanitizer' => 'admin_content'])
        ;
    }
}

Usage in Twig

This applies only if you have installed the Twig bundle.

A sanitize_html Twig filter is provided through an extension, letting you filter HTML inside your views.

<div>
    {{ html|sanitize_html }}
</div>

To use a different sanitizer than the default one, add an argument to the filter:

<div>
    {{ html|sanitize_html('admin_content') }}
</div>

Registering an extension

If you use autoconfiguration, classes implementing the HtmlSanitizer\Extension\ExtensionInterface interface will be automatically registered and you can use them in your sanitizer configuration:

html_sanitizer:
    default_sanitizer: 'default'
    sanitizers:
        default:
            extensions: ['basic', 'my-extension']

If you don't use autoconfiguration, you need to register your extension as a service tagged html_sanitizer.extension:

services:
    app.sanitizer.my_extension:
        class: 'App\Sanitizer\MyExtension'
        tags: [{ name: 'html_sanitizer.extension' }]

Security Issues

If you discover a security vulnerability within the sanitizer bundle or library, please follow our disclosure procedure.

Backward Compatibility promise

This library follows the same Backward Compatibility promise as the Symfony framework: https://symfony.com/doc/current/contributing/code/bc.html

Note: many classes in this library are either marked @final or @internal. @internal classes are excluded from any Backward Compatiblity promise (you should not use them in your code) whereas @final classes can be used but should not be extended (use composition instead).

tgalopin/html-sanitizer-bundle 适用场景与选型建议

tgalopin/html-sanitizer-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 967.76k 次下载、GitHub Stars 达 83, 最近一次更新时间为 2026 年 01 月 04 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 tgalopin/html-sanitizer-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 tgalopin/html-sanitizer-bundle 我们能提供哪些服务?
定制开发 / 二次开发

基于 tgalopin/html-sanitizer-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 967.76k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 84
  • 点击次数: 25
  • 依赖项目数: 3
  • 推荐数: 0

GitHub 信息

  • Stars: 83
  • Watchers: 3
  • Forks: 9
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-01-04