NodeValidatorBuilder class - dart:html library (original) (raw)

Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive- elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.

Implemented types

• NodeValidator

Constructors

NodeValidatorBuilder()

NodeValidatorBuilder.common()

Creates a new NodeValidatorBuilder which accepts common constructs.

Properties

hashCode → int

The hash code for this object.

no setterinherited

runtimeType → Type

A representation of the runtime type of the object.

no setterinherited

Methods

add(NodeValidator validator)→ void

Add an additional validator to the current list of validators.

allowCustomElement(String tagName, {UriPolicy? uriPolicy, Iterable<String>? attributes, Iterable<String>? uriAttributes})→ void

Allow custom elements with the specified tag name and specified attributes.

allowElement(String tagName, {UriPolicy? uriPolicy, Iterable<String>? attributes, Iterable<String>? uriAttributes})→ void

allowHtml5({UriPolicy? uriPolicy})→ void

Allow common safe HTML5 elements and attributes.

allowImages([UriPolicy? uriPolicy])→ void

Allows image elements.

allowInlineStyles({String? tagName})→ void

Allow inline styles on elements.

allowNavigation([UriPolicy? uriPolicy])→ void

Allows navigation elements- Form and Anchor tags, along with common attributes.

allowsAttribute(Element element, String attributeName, String value)→ bool

Returns true if the attribute is allowed.

override

allowsElement(Element element)→ bool

Returns true if the tagName is an accepted type.

override

allowSvg()→ void

Allow SVG elements and attributes except for known bad ones.

allowTagExtension(String tagName, String baseName, {UriPolicy? uriPolicy, Iterable<String>? attributes, Iterable<String>? uriAttributes})→ void

Allow custom tag extensions with the specified type name and specified attributes.

allowTemplating()→ void

Allow templating elements (such as and template-related attributes.

allowTextElements()→ void

Allow basic text elements.

noSuchMethod(Invocation invocation)→ dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString()→ String

A string representation of this object.

inherited

Operators

operator ==(Object other)→ bool

The equality operator.

inherited