dart:html
NodeValidatorBuilder class
Class which helps construct standard node validation policies.
By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.
All allow functions are additive- elements will be accepted if they are accepted by any specific rule.
It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video>
tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.
- Implemented types
-
Constructors
- NodeValidatorBuilder()
- NodeValidatorBuilder.common()
- Creates a new NodeValidatorBuilder which accepts common constructs. [...]
Properties
- hashCode → int
read-only, inherited
- The hash code for this object. [...]
- runtimeType → Type
read-only, inherited
- A representation of the runtime type of the object.
Methods
- add(NodeValidator validator) → void
- Add an additional validator to the current list of validators. [...]
- allowCustomElement(String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void
- Allow custom elements with the specified tag name and specified attributes. [...]
- allowElement(String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void
- allowHtml5({UriPolicy uriPolicy }) → void
- Allow common safe HTML5 elements and attributes. [...]
- allowImages([UriPolicy uriPolicy ]) → void
- Allows image elements. [...]
- allowInlineStyles({String tagName }) → void
- Allow inline styles on elements. [...]
- allowNavigation([UriPolicy uriPolicy ]) → void
- Allows navigation elements- Form and Anchor tags, along with common attributes. [...]
- allowsAttribute(Element element, String attributeName, String value) → bool
override
- Returns true if the attribute is allowed. [...]
- allowsElement(Element element) → bool
override
- Returns true if the tagName is an accepted type.
- allowSvg() → void
- Allow SVG elements and attributes except for known bad ones.
- allowTagExtension(String tagName, String baseName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void
- Allow custom tag extensions with the specified type name and specified attributes. [...]
- allowTemplating() → void
- Allow templating elements (such as and template-related attributes. [...]
- allowTextElements() → void
- Allow basic text elements. [...]
- noSuchMethod(Invocation invocation) → dynamic
inherited
- Invoked when a non-existent method or property is accessed. [...]
- toString() → String
inherited
- Returns a string representation of this object.
Operators
- operator ==(dynamic other) → bool
inherited
- The equality operator. [...]