Drupal Association members fund grants that make connections all over the world.
The htmLawed module uses the htmLawed PHP library to restrict and purify HTML for compliance with site administrator policy and standards and for security. Use of the htmLawed library allows for highly customizable control of HTML markup. See the handbook for more on the module. Current htmLawed modules for Drupal 7 and 8 can use an htmLawed library that is specified by the Libraries module.
Its speed and high configurability as well as its coverage of entire HTML (including elements like script, form and embed, CDATA sections, HTML comments, etc.) sets htmLawed apart from the in-built Drupal HTML filter as well as many other filters that require external applications like HTML Tidy or use incomplete, or large and resource-intensive libraries like HTMLPurifier.
The highly-customizable htmLawed filter can be used to make text with HTML more secure, and HTML standards- and admin. policy-compliant. It can auto-correct and beautify HTML markup and restrict HTML elements (tags), attributes, and URL protocols in the input. It also balances tags and checks for proper nesting of the HTML elements. Furthermore, it can transform deprecated tags and attributes, check and convert character entities (e.g., from hexadecimal to decimal type), obfuscate email addresses as an anti-spam measure, etc. htmLawed is a GPL 3/LGPL 2+ licensed, single-file (<50 Kb) script with a basal peak memory usage of just ~0.5 Mb, and is well-documented. It can be tested on this demo page.
The htmLawed library distributed with the module may not be up-to-date. Admins can look for a newer version of htmLawed, including one with HTML5 support on its website.
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: Content, Content Display, Filters/Editors, Security
- Reported installs: 1,100 sites currently report using this module. View usage statistics.
- Downloads: 44,291
- Last modified: November 30, 2015
- Stable releases are covered by the security advisory policy.
Look for the shield icon below.