Create a DocumentFragment from the HTML fragment and ensure that it follows the sanitization rules specified by the validator or treeSanitizer.
If the default validation behavior is too restrictive then a new NodeValidator should be created, either extending or wrapping a default validator and overriding the validation APIs.
The treeSanitizer is used to walk the generated node tree and sanitize it. A custom treeSanitizer can also be provided to perform special validation rules but since the API is more complex to implement this is discouraged.
The returned tree is guaranteed to only contain nodes and attributes which are allowed by the provided validator.
See also:
DocumentFragment createFragment(String html,
{NodeValidator validator, NodeTreeSanitizer treeSanitizer}) {
if (Range.supportsCreateContextualFragment) {
return super.createFragment(html,
validator: validator, treeSanitizer: treeSanitizer);
}
// IE9 workaround which does not support innerHTML on Table elements.
var contextualHtml = '<table>$html</table>';
var table = new Element.html(contextualHtml,
validator: validator, treeSanitizer: treeSanitizer);
var fragment = new DocumentFragment();
fragment.nodes.addAll(table.nodes);
return fragment;
}