NodeValidatorBuilder class
Class which helps construct standard node validation policies.
By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.
All allow functions are additive- elements will be accepted if they are accepted by any specific rule.
It is important to remember that sanitization is not just intended to prevent
cross-site scripting attacks, but also to prevent information from being
displayed in unexpected ways. For example something displaying basic
formatted text may not expect <video>
tags to appear. In this case an
empty NodeValidatorBuilder with just allowTextElements might be
appropriate.
- Implemented types
Constructors
- NodeValidatorBuilder()
- NodeValidatorBuilder.common()
- Creates a new NodeValidatorBuilder which accepts common constructs. [...]
Properties
- hashCode → int
-
The hash code for this object. [...]
read-only, inherited
- runtimeType → Type
-
A representation of the runtime type of the object.
read-only, inherited
Methods
-
add(
NodeValidator validator ) → void - Add an additional validator to the current list of validators. [...]
-
allowCustomElement(
String tagName, {UriPolicy uriPolicy, Iterable< String> attributes,Iterable< String> uriAttributes}) → void - Allow custom elements with the specified tag name and specified attributes. [...]
-
allowElement(
String tagName, {UriPolicy uriPolicy, Iterable< String> attributes,Iterable< String> uriAttributes}) → void -
allowHtml5(
{UriPolicy uriPolicy} ) → void - Allow common safe HTML5 elements and attributes. [...]
-
allowImages(
[UriPolicy uriPolicy] ) → void - Allows image elements. [...]
-
allowInlineStyles(
{String tagName} ) → void - Allow inline styles on elements. [...]
- Allows navigation elements- Form and Anchor tags, along with common attributes. [...]
-
allowsAttribute(
Element element, String attributeName, String value ) → bool -
Returns true if the attribute is allowed. [...]
override
-
allowsElement(
Element element ) → bool -
Returns true if the tagName is an accepted type.
override
-
allowSvg(
) → void - Allow SVG elements and attributes except for known bad ones.
-
allowTagExtension(
String tagName, String baseName, {UriPolicy uriPolicy, Iterable< String> attributes,Iterable< String> uriAttributes}) → void - Allow custom tag extensions with the specified type name and specified attributes. [...]
-
allowTemplating(
) → void - Allow templating elements (such as and template-related attributes. [...]
-
allowTextElements(
) → void - Allow basic text elements. [...]
-
noSuchMethod(
Invocation invocation ) → dynamic -
Invoked when a non-existent method or property is accessed. [...]
inherited
-
toString(
) → String -
Returns a string representation of this object.
inherited
Operators
-
operator ==(
dynamic other ) → bool -
The equality operator. [...]
inherited