Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive- elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.

Implements

Constructors

NodeValidatorBuilder()

NodeValidatorBuilder.common()

Creates a new NodeValidatorBuilder which accepts common constructs.

Methods

add(NodeValidator validator) → void

Add an additional validator to the current list of validators.

allowCustomElement(String tagName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes}) → void

Allow custom elements with the specified tag name and specified attributes.

allowElement(String tagName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes}) → void

allowHtml5({UriPolicy uriPolicy}) → void

Allow common safe HTML5 elements and attributes.

allowImages([UriPolicy uriPolicy]) → void

Allows image elements.

allowInlineStyles({String tagName}) → void

Allow inline styles on elements.

allowNavigation([UriPolicy uriPolicy]) → void

Allows navigation elements- Form and Anchor tags, along with common attributes.

allowsAttribute(Element element, String attributeName, String value) → bool

Returns true if the attribute is allowed.

allowsElement(Element element) → bool

Returns true if the tagName is an accepted type.

allowSvg() → void

Allow SVG elements and attributes except for known bad ones.

allowTagExtension(String tagName, String baseName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes}) → void

Allow custom tag extensions with the specified type name and specified attributes.

allowTemplating() → void

Allow templating elements (such as <template> and template-related attributes.

allowTextElements() → void

Allow basic text elements.