aimeos/sanitizer
Laravel package providing data sanitization helpers: clean and normalize input, strip unwanted characters/tags, and validate common formats. Useful for securing request data and preparing values for storage, APIs, and user-facing output.
Start by installing the package via Composer: composer require aimeos/sanitizer. It provides a lightweight, configurable sanitizer designed to strip potentially harmful content (like script tags, event handlers, JavaScript URLs) from user-submitted HTML while preserving safe markup. The first use case is typically sanitizing input before storing or rendering user-generated content (such as comments, descriptions, or profile bios), especially in multi-user applications where XSS prevention is critical. To use the default settings, call Aimeos\Sanitizer\Sanitizer::make()->sanitize($html).
A common workflow is integrating the sanitizer into request validation or middleware layers. For example, in Laravel, you can register a custom rule or extend the ValidatesAttributes trait to sanitize specific request fields before database persistence. It’s also effective in job queues for batch-processing legacy content or scheduled cleanup tasks. Since the sanitizer is stateless and highly configurable, create reusable service classes (e.g., HtmlSanitizerService) that wrap the core Sanitizer to standardize policy across modules. You can also chain sanitizers: run Sanitizer::make()->sanitize() first, then apply DOM-based parsing (e.g., with DOMDocument) for more granular control. For APIs, sanitize response payloads in a custom Fractal transformer or Laravel API Resource transformer if they output untrusted data.
style, class, etc.). Review config/sanitizer.php (if published) or explicitly pass a custom config profile—like 'safe', 'relaxed', or 'strict'—to avoid unintended data leakage or rendering issues.
onclick are removed, but inline style attributes and class may remain unless restricted. To lock down further, use the 'allowed_attributes' option to define a strict list.
DOMDocument, which may auto-correct malformed HTML (e.g., inserting missing tbody or closing tags), potentially altering structure unexpectedly. Always test with real-world edge cases (e.g., nested unclosed tags, script injections in comments).
$request->all() and applies Sanitizer::make()->sanitize() to string values—but avoid sanitizing binary data or JSON payloads without filtering.
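A middleware of the kind described above, written here as an added example (it is not code from the package or from this page). The class name SanitizeHtmlInput and the field names are assumptions, and the Sanitizer::make()->sanitize() call is used as this page gives it, not checked against the package source.

```php
<?php

namespace App\Http\Middleware;

use Aimeos\Sanitizer\Sanitizer; // class and make()->sanitize() call as given on this page
use Closure;
use Illuminate\Http\Request;

/**
 * Hypothetical middleware (name and field list are assumptions): sanitizes only
 * the request fields that are expected to carry user-supplied HTML.
 */
class SanitizeHtmlInput
{
    /**
     * Assumed field names. Everything else (tokens, JSON-encoded blobs,
     * base64 or other binary-like values) passes through untouched.
     */
    private const HTML_FIELDS = ['comment', 'description', 'bio'];

    public function handle(Request $request, Closure $next)
    {
        $clean = [];

        // input() returns query and body values but no uploaded files.
        foreach ($request->input() as $key => $value) {
            if (in_array($key, self::HTML_FIELDS, true)) {
                $clean[$key] = $this->clean($value);
            }
        }

        // Overwrite only the fields that were sanitized.
        $request->merge($clean);

        return $next($request);
    }

    /** Recursively sanitize strings; leave every other type unchanged. */
    private function clean(mixed $value): mixed
    {
        if (is_array($value)) {
            return array_map(fn ($item) => $this->clean($item), $value);
        }

        return is_string($value) ? Sanitizer::make()->sanitize($value) : $value;
    }
}
```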