NodeValidatorBuilder class

Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive- elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.

Implemented types


Creates a new NodeValidatorBuilder which accepts common constructs. [...]


hashCode int
The hash code for this object. [...]
read-only, inherited
runtimeType Type
A representation of the runtime type of the object.
read-only, inherited


add(NodeValidator validator) → void
Add an additional validator to the current list of validators. [...]
allowCustomElement(String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void
Allow custom elements with the specified tag name and specified attributes. [...]
allowElement(String tagName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void
allowHtml5({UriPolicy uriPolicy }) → void
Allow common safe HTML5 elements and attributes. [...]
allowImages([UriPolicy uriPolicy ]) → void
Allows image elements. [...]
allowInlineStyles({String tagName }) → void
Allow inline styles on elements. [...]
allowNavigation([UriPolicy uriPolicy ]) → void
Allows navigation elements- Form and Anchor tags, along with common attributes. [...]
allowsAttribute(Element element, String attributeName, String value) bool
Returns true if the attribute is allowed. [...]
allowsElement(Element element) bool
Returns true if the tagName is an accepted type.
allowSvg() → void
Allow SVG elements and attributes except for known bad ones.
allowTagExtension(String tagName, String baseName, { UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes }) → void
Allow custom tag extensions with the specified type name and specified attributes. [...]
allowTemplating() → void
Allow templating elements (such as [...]
allowTextElements() → void
Allow basic text elements. [...]
noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed. [...]
toString() String
Returns a string representation of this object.


operator ==(dynamic other) bool
The equality operator. [...]