
Purify Laravel Package

stevebauman/purify

Laravel wrapper for HTMLPurifier to sanitize user-submitted HTML. Clean strings or arrays via a simple facade, with support for dynamic per-call configuration, published config, and caching options to keep output safe and consistent.


An HTML Purifier / Sanitizer for Laravel

Frequently asked questions about Purify
How do I install stevebauman/purify in my Laravel project?
Run `composer require stevebauman/purify` in your project root, then publish the config file with `php artisan vendor:publish --provider="Stevebauman\Purify\PurifyServiceProvider"`. No additional setup is required for basic usage.
Can I sanitize an entire array of HTML strings at once?
Yes. Use `Purify::clean($array)` to sanitize all elements in an array simultaneously. Each string is processed with the default or specified configuration rules.
What Laravel versions does stevebauman/purify support?
The package supports Laravel 7.0 and above. It requires PHP 7.4+ and is compatible with modern Laravel LTS releases. Check the [README](https://github.com/stevebauman/purify) for version-specific notes.
How do I override the default sanitization rules for a specific input?
Pass a custom configuration array as the second argument to `Purify::clean($input, $config)`. For example, to allow only `<strong>` tags: `Purify::clean($input, ['HTML.Allowed' => 'strong'])`.
Does stevebauman/purify work with WYSIWYG editors like Trix or CKEditor?
Yes, but you’ll need to extend the default configuration. The package supports custom HTML/CSS definitions. For Trix, you can use `TrixPurifierDefinitions` or define your own rules in the config file.
How do I enable caching to improve performance?
Caching is enabled by default in production. If it has been disabled, set `'cache_enabled' => true` in the published config file. Clear the cache after config changes with `php artisan purify:clear`.
What happens if I allow unsafe HTML tags (e.g., `<script>`) by mistake?
This creates an XSS vulnerability. Always start with conservative defaults (e.g., `HTML.Allowed = 'p,b,strong,a[href]'`), test thoroughly, and use the `purify:clear` command to validate changes before deploying.
Can I use stevebauman/purify with Eloquent model attributes?
Yes. Use the `PurifyHtmlOnGet` and `PurifyHtmlOnSet` casts in your model to automatically sanitize HTML when saving or retrieving data. Example: `$casts = ['body' => PurifyHtmlOnSet::class];`
What are the risks of disabling caching in production?
Disabling caching increases CPU and memory usage, especially under high traffic. HTMLPurifier’s serialized definitions are cached by default in production. Monitor performance if caching is disabled.
Are there alternatives to stevebauman/purify for Laravel HTML sanitization?
Yes, alternatives include `laravel-sanitizer` (simpler but less flexible) or using `HTMLPurifier` directly. This package is preferred for its Laravel-native integration, dynamic config, and Eloquent support. Evaluate based on your need for customization vs. simplicity.