Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive- elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.

Implements

Constructors

NodeValidatorBuilder()

NodeValidatorBuilder.common()

Creates a new NodeValidatorBuilder which accepts common constructs.

Properties

hashCode int

Get a hash code for this object.

read-only, inherited
runtimeType Type

A representation of the runtime type of the object.

read-only, inherited

Operators

operator ==(other) bool

The equality operator.

inherited

Methods

add(NodeValidator validator) → void

Add an additional validator to the current list of validators.

allowCustomElement(String tagName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes}) → void

Allow custom elements with the specified tag name and specified attributes.

allowElement(String tagName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes}) → void

allowHtml5({UriPolicy uriPolicy}) → void

Allow common safe HTML5 elements and attributes.

allowImages([UriPolicy uriPolicy]) → void

Allows image elements.

allowInlineStyles({String tagName}) → void

Allow inline styles on elements.

allowNavigation([UriPolicy uriPolicy]) → void

Allows navigation elements- Form and Anchor tags, along with common attributes.

allowsAttribute(Element element, String attributeName, String value) bool

Returns true if the attribute is allowed.

allowsElement(Element element) bool

Returns true if the tagName is an accepted type.

allowSvg() → void

Allow SVG elements and attributes except for known bad ones.

allowTagExtension(String tagName, String baseName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes}) → void

Allow custom tag extensions with the specified type name and specified attributes.

allowTemplating() → void

Allow templating elements (such as <template> and template-related attributes.

allowTextElements() → void

Allow basic text elements.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a non-existent method or property is accessed.

inherited
toString() String

Returns a string representation of this object.

inherited