Dart
dart:html
NodeValidatorBuilder class

NodeValidatorBuilder class

Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive- elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.

Implemented types

NodeValidator

Constructors

NodeValidatorBuilder()
NodeValidatorBuilder.common(): Creates a new NodeValidatorBuilder which accepts common constructs. [...]

Properties

hashCode → int: The hash code for this object. [...]
read-only, inherited
runtimeType → Type: A representation of the runtime type of the object.
read-only, inherited

Methods

add(NodeValidator validator) → void: Add an additional validator to the current list of validators. [...]
allowCustomElement(String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void: Allow custom elements with the specified tag name and specified attributes. [...]
allowElement(String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void
allowHtml5({UriPolicy uriPolicy }) → void: Allow common safe HTML5 elements and attributes. [...]
allowImages([UriPolicy uriPolicy ]) → void: Allows image elements. [...]
allowInlineStyles({String tagName }) → void: Allow inline styles on elements. [...]
allowNavigation([UriPolicy uriPolicy ]) → void: Allows navigation elements- Form and Anchor tags, along with common attributes. [...]
allowsAttribute(Element element, String attributeName, String value) → bool: Returns true if the attribute is allowed. [...]
override
allowsElement(Element element) → bool: Returns true if the tagName is an accepted type.
override
allowSvg() → void: Allow SVG elements and attributes except for known bad ones.
allowTagExtension(String tagName, String baseName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void: Allow custom tag extensions with the specified type name and specified attributes. [...]
allowTemplating() → void: Allow templating elements (such as [...]
allowTextElements() → void: Allow basic text elements. [...]
noSuchMethod(Invocation invocation) → dynamic: Invoked when a non-existent method or property is accessed. [...]
inherited
toString() → String: Returns a string representation of this object.
inherited

Operators

operator ==(dynamic other) → bool: The equality operator. [...]
inherited