NodeValidatorBuilder class
Class which helps construct standard node validation policies.
By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.
All allow functions are additive- elements will be accepted if they are accepted by any specific rule.
It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.
- Implements
Constructors
- NodeValidatorBuilder()
- NodeValidatorBuilder.common()
-
Creates a new NodeValidatorBuilder which accepts common constructs.
Properties
- hashCode → int read-only, inherited
-
The hash code for this object.
- runtimeType → Type read-only, inherited
-
A representation of the runtime type of the object.
Operators
- operator ==(
other) → bool inherited -
The equality operator.
Methods
- add(
NodeValidator validator) → void -
Add an additional validator to the current list of validators.
- allowCustomElement(
String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void -
Allow custom elements with the specified tag name and specified attributes.
- allowElement(
String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void - allowHtml5(
{UriPolicy uriPolicy }) → void -
Allow common safe HTML5 elements and attributes.
- allowImages(
[UriPolicy uriPolicy ]) → void -
Allows image elements.
- allowInlineStyles(
{String tagName }) → void -
Allow inline styles on elements.
-
Allows navigation elements- Form and Anchor tags, along with common attributes.
- allowsAttribute(
Element element, String attributeName, String value) → bool -
Returns true if the attribute is allowed.
- allowsElement(
Element element) → bool -
Returns true if the tagName is an accepted type.
- allowSvg(
) → void -
Allow SVG elements and attributes except for known bad ones.
- allowTagExtension(
String tagName, String baseName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void -
Allow custom tag extensions with the specified type name and specified attributes.
- allowTemplating(
) → void -
Allow templating elements (such as and template-related attributes.
- allowTextElements(
) → void -
Allow basic text elements.
- noSuchMethod(
Invocation invocation) → dynamic inherited -
Invoked when a non-existent method or property is accessed.
- toString(
) → String inherited -
Returns a string representation of this object.
© 2012 the Dart project authors
Licensed under the Creative Commons Attribution-ShareAlike License v4.0.
https://api.dartlang.org/stable/1.24.3/dart-html/NodeValidatorBuilder-class.html