Download

The current version of HTML Purifier is 3.2.0, released on 2008-10-31, and is compatible with PHP 5.0.5 and up (all code is E_STRICT compliant). This library is open-source, licensed under the LGPL v2.1+. We offer multiple ways of downloading and installing HTML Purifier.

Standard

We offer the standard zip and tarball downloads. Download them, unzip them, and with a few simple installation steps get to using HTML Purifier right away:

• HTML Purifier 3.2.0 (.tar.gz) [sig]
• HTML Purifier 3.2.0 (.zip) [sig]

Lite Distribution

No, it's not magically faster. HTML Purifier Lite offers the same functionality of HTML Purifier (standard), except that anything not essentially to the basic functioning of the library has been stripped out: end-user documentation, unit-tests, profiling, maintenance scripts, etc. Just the library folder.

• HTML Purifier 3.2.0 Lite (.tar.gz) [sig]
• HTML Purifier 3.2.0 Lite (.zip) [sig]

Standalone Distribution

For those of you who balk at the possibility of a 100+ includes, we also offer a conveniently packaged single-file version of HTML Purifier. Well, not really, since HTML Purifier does require some auxiliary files in order to work (but they are neatly tucked away in a folder named standalone). Include HTMLPurifier.standalone.php and be done with it!

• HTML Purifier 3.2.0 Standalone (.tar.gz) [sig]
• HTML Purifier 3.2.0 Standalone (.zip) [sig]

SHA-1 checksums

Here are the SHA-1 checksums you can use to verify the integrity of your HTML Purifier download:

f55cd786ea0310a672b7cb04bcf3110eb37c3a2d *htmlpurifier-3.2.0-lite.tar.gz
d394cfcfff43e4998270f1fbe481f6e716cffdc1 *htmlpurifier-3.2.0-lite.tar.gz.sig
21ec3e0bd4018627e1fc5a19c800fae3998b0bef *htmlpurifier-3.2.0-lite.zip
bf20e44a898d071d2f5537f4415677bcfcf784a1 *htmlpurifier-3.2.0-lite.zip.sig
0b4830a831e4a03310efb20327580655d4ae3662 *htmlpurifier-3.2.0-standalone.tar.gz
035cf16c4135a9379f2f17ee66b53ae902cd75d5 *htmlpurifier-3.2.0-standalone.tar.gz.sig
626c8a25302dc43c3c1455fa77ffada772ab481b *htmlpurifier-3.2.0-standalone.zip
80be6f9a486a7da63b6ba4170bc1a61ab1d3a796 *htmlpurifier-3.2.0-standalone.zip.sig
78f2bf85391372c771975ac0d52f26547c35ce76 *htmlpurifier-3.2.0.tar.gz
f290a3071f4a96e8c09a41bbba6b0726a2046e68 *htmlpurifier-3.2.0.tar.gz.sig
34a0e3a755ee3615ac2456f72711e59079fd1087 *htmlpurifier-3.2.0.zip
e7b74d7614030f50dd21be7a47731cd8d69b98ab *htmlpurifier-3.2.0.zip.sig

GnuPG signatures

There are .sig files which you can use to cryptographically verify that the release is from me, Edward Z. Yang. You can find my public key here (0x869C48DA). My key's fingerprint is: 3FA8 E9A9 7385 B691 A6FC B3CB A933 BE7D 869C 48DA.

Verify files with this command:

gpg --verify $filename.sig

PEAR

HTML Purifier is also available via a PEAR channel. The PEAR installer is an incredibly powerful and robust way to install PHP packages, and does not have to be limited to packages found on pear.php.net. With PEAR, installing is as simple as these two commands in your shell:

pear channel-discover htmlpurifier.org
pear install hp/HTMLPurifier

...and then following the installation instructions.

You can upgrade with:

pear upgrade hp/HTMLPurifier

Git

For those who like to live on the edge, you can also grab the latest developmental code from our Git repository. Simply execute this command in your shell:

git clone git://repo.or.cz/htmlpurifier.git

You must have Git installed. Windows users can grab a copy of Git via the msysgit project.

Code in the trunk actually tends to be quite stable; a combination of extensive unit-testing and atomic commits means that the most recent version will almost never be broken.

Online repository browsing and mirroring services (click links to get pull URLs) are available at numerous places:

• repo.or.cz - Master repository: prefer pulling from it, always push to it. Make this your origin remote if it isn't already. Allows forks, please use them!
• Gitorious - Regular old mirror. Allows forks, but don't use them.
• GitHub - Regular old mirror, but with pretty history visualization tools. Allows forks, but don't use them.
• git.htmlpurifier.org - Dumb HTTP mirror with no web interface, use as last resort.

For backwards compatibility reasons, the Subversion repository is still available, as well as the ViewVC interface. We will also continue to support tags, for projects that use Subversion externals. However, the trunk will not be regularly updated.

HTML Purifier 2.1 for PHP 4

Warning: The HTML Purifier 2.1 series is retired and will only be receiving major bug and security fixes. However, it is compatible with PHP 4 so if you're stuck on this now officially deprecated version of PHP, here are the older downloads:

• HTML Purifier 2.1.5 (.tar.gz)
• HTML Purifier 2.1.5 (.zip)

Installation

File permissions

Starting with HTML Purifier 2.0.0, it is vital that you set proper directory permissions for where HTML Purifier writes out some temporary files. Specifically, HTML Purifier will write out cache files for HTMLDefinition in the subdirectories of HTMLPurifier/DefinitionCache/Serializer. If you are in the library/ folder of HTML Purifier, you can set the appropriate permissions using:

chmod -R 0755 HTMLPurifier/DefinitionCache/Serializer

If the above command doesn't work, you may need to assign write permissions to all. This may be necessary if your webserver runs as nobody, but is not recommended since it means any other user can write files in the directory. Use:

chmod -R 0777 HTMLPurifier/DefinitionCache/Serializer

You can also chmod files via your FTP client; this option is usually accessible by right clicking the corresponding directory and then selecting “chmod” or “file permissions”.

If you are unable or unwilling to give write permissions to the cache directory, you can either disable the cache (and suffer a performance hit):

$config->set('Core', 'DefinitionCache', null);

Or move the cache directory somewhere else (no trailing slash):

$config->set('Cache', 'SerializerPath', '/home/user/absolute/path');

If there is a demand for it, future versions will also support memcached as a caching system.

Quick install

If your website is in UTF-8 and XHTML Transitional, use this code:

<?php
    require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';
    
    $purifier = new HTMLPurifier();
    $clean_html = $purifier->purify($dirty_html);
?>

If your website is in a different encoding or doctype, use this code:

<?php
    require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';
    
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core', 'Encoding', 'ISO-8859-1'); // replace with your encoding
    $config->set('HTML', 'Doctype', 'HTML 4.01 Transitional'); // replace with your doctype
    $purifier = new HTMLPurifier($config);
    
    $clean_html = $purifier->purify($dirty_html);
?>

People with HTML Purifier already in their path (PEAR, for example) can use:

require_once 'HTMLPurifier.auto.php';

For detailed installation instructions, read the INSTALL document.

Mailing list

You can be notified of new releases by a low-traffic announce list. Subscribe here:

Name: E-mail:

We take your privacy very seriously and will not use emails submitted to this web form for any other purposes.

History

Previous releases can be obtained by browsing the release directory or checking code out of the tags/ directory. However, they are not supported and should not be used in live environments. If you are having trouble upgrading, pop over to the forums and get help.