Weave Code

Dom Sanitizer Laravel Package

rhukster/dom-sanitizer

MIT-licensed PHP 7.3+ DOM/SVG/MathML sanitizer using DOMDocument and DOMPurify-based allowlists. Remove dangerous tags/attributes, strip namespaces and PHP/HTML/XML tags, and optionally compress output. Supports HTML, SVG, and MathML modes.

A simple but effective DOM/SVG/MathML Sanitizer for PHP 7.3+

Frequently asked questions about Dom Sanitizer
How do I integrate this sanitizer into Laravel’s request validation pipeline?
Use the package in a `FormRequest` class or middleware. For example, in a `FormRequest`, inject the sanitizer via Laravel’s service container and apply it to user-submitted HTML/SVG fields before validation. Alternatively, create middleware to sanitize input globally for API endpoints or uploads.
Does this package support SVG sanitization for user uploads in Laravel?
Yes, initialize the sanitizer with `DOMSanitizer::SVG` to restrict processing to SVG-specific tags and attributes. This is ideal for sanitizing uploaded SVG files or dynamic SVG content in Laravel applications. Customize allowed tags/attributes if you need to support specific SVG features like filters or animations.
Can I use this package with Laravel 8+ and PHP 7.3+?
Absolutely. The package requires PHP 7.3+ and is fully compatible with Laravel 8, 9, and 10. It leverages PHP’s native DOMDocument, so no additional PHP extensions or dependencies are needed beyond Composer. No breaking changes are expected for supported PHP versions.
How do I customize allowed tags or attributes for my Laravel app?
Use the `addAllowedTags()`, `addAllowedAttributes()`, `addDisallowedTags()`, or `addDisallowedAttributes()` methods to modify the default allowlists. For example, if you need to allow SVG `<filter>` elements, call `$sanitizer->addAllowedTags(['filter'])` before sanitizing. This is useful for tailoring the sanitizer to the specific features your Laravel application needs.
Is this package secure against XXE attacks in Laravel?
Yes, the package is hardened against XXE (XML External Entity) attacks by default. It uses `LIBXML_NONET` and `libxml_disable_entity_loader()` to disable external entity processing and network access during parsing. This aligns with Laravel’s security-first approach and mitigates OWASP A03:2021 (Injection) risks.
How do I benchmark performance for high-volume XML/HTML sanitization in Laravel?
Test the package with your expected input volume using Laravel’s built-in benchmarking tools or PHP’s `microtime()`. Enable the `compress-output` option to optimize performance for large payloads. For CMS content or bulk uploads, consider caching sanitized output or processing in batches to avoid bottlenecks.
Can I use this sanitizer in Laravel middleware to protect API endpoints?
Yes, wrap the sanitizer in middleware to automatically sanitize XML/HTML/SVG input for API endpoints. For example, create middleware that checks for SVG/HTML payloads and applies the sanitizer before processing. This ensures consistent security across all API routes handling untrusted input.
What happens if the sanitizer encounters malformed XML or HTML in Laravel?
The package will throw a `DOMException` if the input is malformed. In Laravel, catch this exception in your middleware, request validation, or upload handlers to log errors or reject invalid input. For example, wrap the sanitizer call in a try-catch block to handle edge cases gracefully.
Are there alternatives to this package for Laravel SVG/HTML sanitization?
Other options include DOMPurify’s PHP port (less actively maintained) or HTMLPurifier, but this package stands out for its SVG/MathML support, MIT license, and Laravel-friendly design. It’s also lighter weight, avoiding external dependencies beyond Composer, which simplifies integration into Laravel’s ecosystem.
How do I test the sanitizer in Laravel’s PHPUnit test suite?
Write unit tests to verify allow/deny lists by comparing sanitized output against expected results. Adapt the package’s regression tests for XXE/CSS injection into your test suite. For example, test SVG uploads by mocking file content and asserting the sanitizer removes dangerous attributes while preserving safe ones.
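Putting the middleware, SVG mode, custom allowlist and `DOMException` handling from the answers above into one piece, as an added example that is not the package's own code and not from this page; the middleware class name, the `svg` upload field and the `Rhukster\DomSanitizer\DOMSanitizer` namespace (as given in the package README) are assumptions to verify against your installed version.

```php
<?php
// Added example (not part of the package or this page): Laravel middleware that
// sanitizes an uploaded SVG with rhukster/dom-sanitizer before the controller runs.
// Assumed: class name SanitizeSvgUpload, request field 'svg', and the
// Rhukster\DomSanitizer\DOMSanitizer namespace from the package README.

namespace App\Http\Middleware;

use Closure;
use DOMException;
use Illuminate\Http\Request;
use Rhukster\DomSanitizer\DOMSanitizer;

class SanitizeSvgUpload
{
    public function handle(Request $request, Closure $next)
    {
        if (!$request->hasFile('svg')) {
            return $next($request);
        }

        // SVG mode restricts the DOMPurify-derived allowlist to SVG tags/attributes.
        $sanitizer = new DOMSanitizer(DOMSanitizer::SVG);

        // Opt in to <filter> only because this app needs it; anything not on the
        // allowlist (script elements, event-handler attributes, ...) is stripped.
        $sanitizer->addAllowedTags(['filter']);

        $raw = file_get_contents($request->file('svg')->getRealPath());

        try {
            // compress-output is the option the FAQ mentions for large payloads.
            $clean = $sanitizer->sanitize($raw, ['compress-output' => true]);
        } catch (DOMException $e) {
            // Malformed XML: reject it rather than store bytes the parser could not model.
            return response()->json(['error' => 'Invalid SVG upload'], 422);
        }

        // Pass the sanitized markup on under a distinct key so downstream code
        // never reaches for the original, unsanitized file by mistake.
        $request->merge(['svg_sanitized' => $clean]);

        return $next($request);
    }
}
```

Register the class in the route middleware for the upload endpoints, and have the controller read `svg_sanitized` rather than the uploaded file itself.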