The current version of HTML Purifier is
3.1.0rc1, released on
2008-04-22, and is compatible with
PHP 5.0.5 and up (all code is E_STRICT
compliant). This library is open-source,
licensed under the LGPL
v2.1+. We offer multiple ways of downloading
and installing HTML Purifier.
Table of Contents
Standard
We offer the standard zip and tarball downloads. Download them, unzip them, and with a few simple installation steps get to using HTML Purifier right away:
Lite Distribution
No, it's not magically faster. HTML Purifier Lite offers the same
functionality of HTML Purifier (standard), except that anything not
essentially to the basic functioning of the library has been stripped
out: end-user documentation, unit-tests, profiling, maintenance scripts, etc.
Just the library folder.
Standalone Distribution
For those of you who balk at the possibility of a 100+ includes, we also
offer a conveniently packaged single-file version of HTML Purifier. Well,
not really, since HTML Purifier does require some auxiliary files in
order to work (but they are neatly tucked away in a folder named
standalone). Include HTMLPurifier.standalone.php
and be done with it!
SHA-1 checksums
Here are the SHA-1 checksums you can use to verify the integrity of your HTML Purifier download:
332119141df181aefed928246e14c801a53b667d htmlpurifier-3.1.0rc1-lite.tar.gz cfdb8b8cf58815aeab9bf2520ae98386428d7890 htmlpurifier-3.1.0rc1-lite.zip ecea1dee9e9378120e258cae7df8bc8ecc193720 htmlpurifier-3.1.0rc1-standalone.tar.gz 0a909cb4fe62ddca182694312cf2849b1bde65f6 htmlpurifier-3.1.0rc1-standalone.zip 9b5c8cfc1e631457102d0d72a8fbfc871c9bc6ed htmlpurifier-3.1.0rc1.tar.gz 7a152a3d1828ab9f7a1a9b1fd24bddc08b266301 htmlpurifier-3.1.0rc1.zip
GnuPG signatures
There are .sig files which you can use to cryptographically verify that the release is from me, Edward Z. Yang. You can find my public key here (0x869C48DA). My key's fingerprint is: 3FA8 E9A9 7385 B691 A6FC B3CB A933 BE7D 869C 48DA.
Verify files with this command:
gpg --verify $filename.sig
PEAR
HTML Purifier is also available via a PEAR channel. The PEAR installer is an incredibly powerful and robust way to install PHP packages, and does not have to be limited to packages found on pear.php.net. With PEAR, installing is as simple as these two commands in your shell:
pear channel-discover htmlpurifier.org pear install hp/HTMLPurifier
...and then following the installation instructions.
You can upgrade with:
pear upgrade hp/HTMLPurifier
Subversion
For those who like to live on the edge, you can also grab the latest developmental code from our Subversion repository. Simply execute this command in your shell (you must have Subversion installed):
svn co http://htmlpurifier.org/svnroot/htmlpurifier/trunk ./
Code in the trunk actually tends to be quite stable; a combination of extensive unit-testing and atomic commits means that the most recent version will almost never be broken.
For the less adventurous, you can take a peek at specific files by browsing anonymously at the repository root or using ViewVC to view the repository.
HTML Purifier 2.1 for PHP 4
Warning: The HTML Purifier 2.1 series is retired and will only be receiving major bug and security fixes. However, it is compatible with PHP 4 so if you're stuck on this now officially deprecated version of PHP, here are the older downloads:
Nightly Builds
Nightly tarballs of the most recent SVN snapshots are available
for those of you who want to live on the edge but never got
svn export to work. These builds are PHP5 only.
The build is performed every day at midnight, and is available here:
- HTML Purifier Trunk Snapshot (.tar.gz)
- HTML Purifier Trunk Snapshot Lite (.tar.gz)
- HTML Purifier Trunk Snapshot Standalone (.tar.gz)
Known issues with the nightly builds:
- French documentation is ridiculously out-of-date.
Installation
File permissions
Starting with HTML Purifier 2.0.0, it is vital that you set
proper directory permissions for where HTML Purifier writes out
some temporary files. Specifically, HTML Purifier will write
out cache files for HTMLDefinition in the subdirectories of
HTMLPurifier/DefinitionCache/Serializer. If you are in
the library/ folder of HTML Purifier, you can set the
appropriate permissions using:
chmod -R 0755 HTMLPurifier/DefinitionCache/Serializer
If the above command doesn't work, you may need to assign write permissions to all. This may be necessary if your webserver runs as nobody, but is not recommended since it means any other user can write files in the directory. Use:
chmod -R 0777 HTMLPurifier/DefinitionCache/Serializer
You can also chmod files via your FTP client; this option is usually accessible by right clicking the corresponding directory and then selecting “chmod” or “file permissions”.
If you are unable or unwilling to give write permissions to the cache directory, you can either disable the cache (and suffer a performance hit):
$config->set('Core', 'DefinitionCache', null);
Or move the cache directory somewhere else (no trailing slash):
$config->set('Cache', 'SerializerPath', '/home/user/absolute/path');
If there is a demand for it, future versions will also support memcached as a caching system.
Quick install
If your website is in UTF-8 and XHTML Transitional, use this code:
<?php
require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';
$purifier = new HTMLPurifier();
$clean_html = $purifier->purify($dirty_html);
?>
If your website is in a different encoding or doctype, use this code:
<?php
require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'Encoding', 'ISO-8859-1'); // replace with your encoding
$config->set('HTML', 'Doctype', 'HTML 4.01 Transitional'); // replace with your doctype
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
?>
People with HTML Purifier already in their path (PEAR, for example) can use:
require_once 'HTMLPurifier.auto.php';
For detailed installation instructions, read the
INSTALL
document.
Mailing list
You can be notified of new releases by a low-traffic announce list. Subscribe here:
We take your privacy very seriously and will not use emails submitted to this web form for any other purposes.
History
Previous releases can be obtained by browsing the release directory or checking code out of the tags/ directory. However, they are not supported and should not be used in live environments. If you are having trouble upgrading, pop over to the forums and get help.