Class which helps construct standard node validation policies.
By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.
All allow functions are additive- elements will be accepted if they are accepted by any specific rule.
It is important to remember that sanitization is not just intended to prevent
cross-site scripting attacks, but also to prevent information from being
displayed in unexpected ways. For example something displaying basic
formatted text may not expect <video>
tags to appear. In this case an
empty NodeValidatorBuilder with just allowTextElements might be
appropriate.
- Implements
Constructors
- NodeValidatorBuilder()
- NodeValidatorBuilder.common()
-
Creates a new NodeValidatorBuilder which accepts common constructs.
Properties
- hashCode → int
-
Get a hash code for this object.
read-only, inherited - runtimeType → Type
-
A representation of the runtime type of the object.
read-only, inherited
Operators
-
operator ==(
other) → bool -
The equality operator.
inherited
Methods
-
add(
NodeValidator validator) → void -
Add an additional validator to the current list of validators.
-
allowCustomElement(
String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void -
Allow custom elements with the specified tag name and specified attributes.
-
allowElement(
String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void -
allowHtml5(
{UriPolicy uriPolicy }) → void -
Allow common safe HTML5 elements and attributes.
-
allowImages(
[UriPolicy uriPolicy ]) → void -
Allows image elements.
-
allowInlineStyles(
{String tagName }) → void -
Allow inline styles on elements.
-
Allows navigation elements- Form and Anchor tags, along with common attributes.
-
allowsAttribute(
Element element, String attributeName, String value) → bool -
Returns true if the attribute is allowed.
-
allowsElement(
Element element) → bool -
Returns true if the tagName is an accepted type.
-
allowSvg(
) → void -
Allow SVG elements and attributes except for known bad ones.
-
allowTagExtension(
String tagName, String baseName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void -
Allow custom tag extensions with the specified type name and specified attributes.
-
allowTemplating(
) → void -
Allow templating elements (such as <template> and template-related attributes.
-
allowTextElements(
) → void -
Allow basic text elements.
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a non-existent method or property is accessed.
inherited -
toString(
) → String -
Returns a string representation of this object.
inherited