Site in read-only mode

This site is now read-only following the release of MyBB 1.8 and the new mods site.

If you are looking for MyBB 1.8 mods please click here to visit the new mods site.

You can continue to download submissions for MyBB 1.6 and earlier here, however new submissions will only be accepted via the new mods site.


Remove malicious code from HTML in posts, pm, and signatures.

Version: 1.0
Author: frostschutz
Submitted: 23rd January 2011
Last Updated: 23rd January 2011
Use the HTMLPurifier library to filter malicious HTML. Open Source, LGPL.

I can't vouch for the quality of the filtered HTML, as that is done by the external library.
Because the filtering is highly expensive, it is only done as you post (before it goes into the database).
Bad HTML can cause text to be filtered (and thereby lost) when posting.
Signatures are only filtered when edited via the User CP. Mod CP / Admin CP edits are not affected.

Installation instructions:

- Upload htmlpurifier.php to inc/plugins/

- Download the HTMLPurifier Library from
(use version 4.2.0 or newer)

- Upload the HTMLPurifier library to inc/plugins/htmlpurifier/
(only the library/ folder, rename it to htmlpurifier/)

- Create a directory cache/htmlpurifier and make it writable

- Activate the plugin