HtmlEscapeMode final

final class HtmlEscapeMode

HTML escape modes.

Allows specifying a mode for HTML escaping that depends on the context where the escaped result is going to be used. The relevant contexts are:

  • as text content of an HTML element.
  • as value of a (single- or double-) quoted attribute value.

All modes require escaping of & (ampersand) characters, and may enable escaping of more characters.

Custom escape modes can be created using the HtmlEscapeMode.new constructor.

Example:

dart
const htmlEscapeMode = HtmlEscapeMode(
  name: 'custom',
  escapeLtGt: true,
  escapeQuot: false,
  escapeApos: false,
  escapeSlash: false,
);

const HtmlEscape htmlEscape = HtmlEscape(htmlEscapeMode);
String unescaped = 'Text & subject';
String escaped = htmlEscape.convert(unescaped);
print(escaped); // Text &amp; subject

unescaped = '10 > 1 and 1 < 10';
escaped = htmlEscape.convert(unescaped);
print(escaped); // 10 &gt; 1 and 1 &lt; 10

unescaped = "Single-quoted: 'text'";
escaped = htmlEscape.convert(unescaped);
print(escaped); // Single-quoted: 'text'

unescaped = 'Double-quoted: "text"';
escaped = htmlEscape.convert(unescaped);
print(escaped); // Double-quoted: "text"

unescaped = 'Path: /system/';
escaped = htmlEscape.convert(unescaped);
print(escaped); // Path: /system/

Constructors

HtmlEscapeMode() const

const HtmlEscapeMode({
  String name = "custom",
  bool escapeLtGt = false,
  bool escapeQuot = false,
  bool escapeApos = false,
  bool escapeSlash = false,
})

Create a custom escaping mode.

All modes escape &. The mode can further be set to escape < and > (escapeLtGt), " (escapeQuot), ' (escapeApos), and/or / (escapeSlash).

Implementation
dart
const HtmlEscapeMode({
  String name = "custom",
  this.escapeLtGt = false,
  this.escapeQuot = false,
  this.escapeApos = false,
  this.escapeSlash = false,
}) : _name = name;

Properties

escapeApos final

final bool escapeApos

Whether to escape "'" (apostrophe).

Implementation
dart
final bool escapeApos;

escapeLtGt final

final bool escapeLtGt

Whether to escape '<' and '>'.

Implementation
dart
final bool escapeLtGt;

escapeQuot final

final bool escapeQuot

Whether to escape '"' (quote).

Implementation
dart
final bool escapeQuot;

escapeSlash final

final bool escapeSlash

Whether to escape "/" (forward slash, solidus).

The Open Web Application Security Project recommends escaping the slash to avoid cross-site scripting attacks.

Implementation
dart
final bool escapeSlash;

hashCode no setter inherited

int get hashCode

The hash code for this object.

A hash code is a single integer which represents the state of the object that affects operator == comparisons.

All objects have hash codes. The default hash code implemented by Object represents only the identity of the object, the same way as the default operator == implementation only considers objects equal if they are identical (see identityHashCode).

If operator == is overridden to use the object state instead, the hash code must also be changed to represent that state, otherwise the object cannot be used in hash based data structures like the default Set and Map implementations.

Hash codes must be the same for objects that are equal to each other according to operator ==. The hash code of an object should only change if the object changes in a way that affects equality. There are no further requirements for the hash codes. They need not be consistent between executions of the same program and there are no distribution guarantees.

Objects that are not equal are allowed to have the same hash code. It is even technically allowed that all instances have the same hash code, but if clashes happen too often, it may reduce the efficiency of hash-based data structures like HashSet or HashMap.

If a subclass overrides hashCode, it should override the operator == operator as well to maintain consistency.

Inherited from Object.

Implementation
dart
external int get hashCode;

runtimeType no setter inherited

Type get runtimeType

A representation of the runtime type of the object.

Inherited from Object.

Implementation
dart
external Type get runtimeType;

Methods

noSuchMethod() inherited

dynamic noSuchMethod(Invocation invocation)

Invoked when a nonexistent method or property is accessed.

A dynamic member invocation can attempt to call a member which doesn't exist on the receiving object. Example:

dart
dynamic object = 1;
object.add(42); // Statically allowed, run-time error

This invalid code will invoke the noSuchMethod method of the integer 1 with an Invocation representing the .add(42) call and arguments (which then throws).

Classes can override noSuchMethod to provide custom behavior for such invalid dynamic invocations.

A class with a non-default noSuchMethod invocation can also omit implementations for members of its interface. Example:

dart
class MockList<T> implements List<T> {
  noSuchMethod(Invocation invocation) {
    log(invocation);
    super.noSuchMethod(invocation); // Will throw.
  }
}
void main() {
  MockList().add(42);
}

This code has no compile-time warnings or errors even though the MockList class has no concrete implementation of any of the List interface methods. Calls to List methods are forwarded to noSuchMethod, so this code will log an invocation similar to Invocation.method(#add, [42]) and then throw.

If a value is returned from noSuchMethod, it becomes the result of the original invocation. If the value is not of a type that can be returned by the original invocation, a type error occurs at the invocation.

The default behavior is to throw a NoSuchMethodError.

Inherited from Object.

Implementation
dart
@pragma("vm:entry-point")
@pragma("wasm:entry-point")
external dynamic noSuchMethod(Invocation invocation);

toString() override

String toString()

A string representation of this object.

Some classes have a default textual representation, often paired with a static parse function (like int.parse). These classes will provide the textual representation as their string representation.

Other classes have no meaningful textual representation that a program will care about. Such classes will typically override toString to provide useful information when inspecting the object, mainly for debugging or logging.

Implementation
dart
String toString() => _name;

Operators

operator ==() inherited

bool operator ==(Object other)

The equality operator.

The default behavior for all Objects is to return true if and only if this object and other are the same object.

Override this method to specify a different equality relation on a class. The overriding method must still be an equivalence relation. That is, it must be:

  • Total: It must return a boolean for all arguments. It should never throw.

  • Reflexive: For all objects o, o == o must be true.

  • Symmetric: For all objects o1 and o2, o1 == o2 and o2 == o1 must either both be true, or both be false.

  • Transitive: For all objects o1, o2, and o3, if o1 == o2 and o2 == o3 are true, then o1 == o3 must be true.

The method should also be consistent over time, so whether two objects are equal should only change if at least one of the objects was modified.

If a subclass overrides the equality operator, it should override the hashCode method as well to maintain consistency.

Inherited from Object.

Implementation
dart
external bool operator ==(Object other);

Constants

attribute

const HtmlEscapeMode attribute

Escaping mode for text going into double-quoted HTML attribute values.

The result should not be used as the content of an unquoted or single-quoted attribute value.

Escapes double quotes (") but not single quotes ('), and escapes < and > characters because they are not allowed in strict XHTML attributes.

Implementation
dart
static const HtmlEscapeMode attribute = HtmlEscapeMode._(
  'attribute',
  true,
  true,
  false,
  false,
);

element

const HtmlEscapeMode element

Escaping mode for text going into HTML element content.

The escaping only works for elements with normal HTML content, and not, for example, for script or style element content, which require escapes matching their particular content syntax.

Escapes < and > characters.

Implementation
dart
static const HtmlEscapeMode element = HtmlEscapeMode._(
  'element',
  true,
  false,
  false,
  false,
);

sqAttribute

const HtmlEscapeMode sqAttribute

Escaping mode for text going into single-quoted HTML attribute values.

The result should not be used as the content of an unquoted or double-quoted attribute value.

Escapes single quotes (') but not double quotes ("), and escapes < and > characters because they are not allowed in strict XHTML attributes.

Implementation
dart
static const HtmlEscapeMode sqAttribute = HtmlEscapeMode._(
  'attribute',
  true,
  false,
  true,
  false,
);

unknown

const HtmlEscapeMode unknown

Default escaping mode, which escapes every character that any mode can escape: &, <, >, ", ' and /.

The result of such an escaping is usable both in element content and in any attribute value.

The escaping only works for elements with normal HTML content, and not, for example, for script or style element content, which require escapes matching their particular content syntax.

Implementation
dart
static const HtmlEscapeMode unknown = HtmlEscapeMode._(
  'unknown',
  true,
  true,
  true,
  true,
);
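
The following added example (not part of the Dart SDK documentation) runs each predefined mode over a constructed sample string and reports whether the result is usable in each output context, which shows why a mode must match the place the text is written. The context labels, the `breakingChars` table and the `safeFor` helper are assumptions made for this illustration.

```dart
import 'dart:convert';

// Constructed sample: untrusted text containing every character a mode can escape.
const sample = '''Tom & "Jerry's" <b>/home</b>''';

// Hypothetical table: for each output context, the characters that would
// end or break out of that context if they reached the page unescaped.
const breakingChars = <String, List<String>>{
  'element content': ['<', '>'],
  'double-quoted attribute': ['"'],
  'single-quoted attribute': ["'"],
};

// Labelled explicitly because toString() of sqAttribute also returns 'attribute'.
const modes = <String, HtmlEscapeMode>{
  'element': HtmlEscapeMode.element,
  'attribute': HtmlEscapeMode.attribute,
  'sqAttribute': HtmlEscapeMode.sqAttribute,
  'unknown': HtmlEscapeMode.unknown,
};

/// Returns true if escaping [input] with [mode] leaves none of the
/// characters in [breaking] in the output.
bool safeFor(HtmlEscapeMode mode, List<String> breaking, String input) {
  final escaped = HtmlEscape(mode).convert(input);
  return !breaking.any((c) => escaped.contains(c));
}

void main() {
  modes.forEach((label, mode) {
    print('$label: ${HtmlEscape(mode).convert(sample)}');
    breakingChars.forEach((context, breaking) {
      final verdict = safeFor(mode, breaking, sample) ? 'ok' : 'UNSAFE';
      print('  $context: $verdict');
    });
  });
}
```

Only `unknown` passes for all three contexts; none of the modes covers unquoted attribute values or script and style content.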