NodeValidatorBuilder class
Class which helps construct standard node validation policies.
By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.
All allow functions are additive- elements will be accepted if they are accepted by any specific rule.
It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.
- Implemented types
Constructors
- NodeValidatorBuilder()
- NodeValidatorBuilder.common()
- Creates a new NodeValidatorBuilder which accepts common constructs. [...]
Properties
- hashCode → int read-only, inherited
- The hash code for this object. [...]
- runtimeType → Type read-only, inherited
- A representation of the runtime type of the object.
Methods
- add(
NodeValidator validator) → void - Add an additional validator to the current list of validators. [...]
- allowCustomElement(
String tagName, {UriPolicy? uriPolicy, Iterable< String> ? attributes, Iterable<String> ? uriAttributes}) → void - Allow custom elements with the specified tag name and specified attributes. [...]
- allowElement(
String tagName, {UriPolicy? uriPolicy, Iterable< String> ? attributes, Iterable<String> ? uriAttributes}) → void - allowHtml5(
{UriPolicy? uriPolicy}) → void - Allow common safe HTML5 elements and attributes. [...]
- allowImages(
[UriPolicy? uriPolicy]) → void - Allows image elements. [...]
- allowInlineStyles(
{String? tagName}) → void - Allow inline styles on elements. [...]
- Allows navigation elements- Form and Anchor tags, along with common attributes. [...]
- allowsAttribute(
Element element, String attributeName, String value) → bool override - Returns true if the attribute is allowed. [...]
- allowsElement(
Element element) → bool override - Returns true if the tagName is an accepted type.
- allowSvg(
) → void - Allow SVG elements and attributes except for known bad ones.
- allowTagExtension(
String tagName, String baseName, {UriPolicy? uriPolicy, Iterable< String> ? attributes, Iterable<String> ? uriAttributes}) → void - Allow custom tag extensions with the specified type name and specified attributes. [...]
- allowTemplating(
) → void - Allow templating elements (such as and template-related attributes. [...]
- allowTextElements(
) → void - Allow basic text elements. [...]
- noSuchMethod(
Invocation invocation) → dynamic inherited - Invoked when a non-existent method or property is accessed. [...]
- toString(
) → String inherited - A string representation of this object. [...]
Operators
- operator ==(
Object other) → bool inherited - The equality operator. [...]
© 2012 the Dart project authors
Licensed under the Creative Commons Attribution-ShareAlike License v4.0.
https://api.dart.dev/stable/2.13.0/dart-html/NodeValidatorBuilder-class.html