NodeValidatorBuilder

class NodeValidatorBuilder implements NodeValidator

Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive: elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.
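As an added example (not from the dart:html documentation), the text-only policy the paragraph above describes, applied to untrusted comment markup in the browser. The sample input and the `renderComment` helper are constructed for this illustration.

```dart
import 'dart:html';

/// Constructed example: comments may carry basic formatting only.
/// Media, links and every attribute are dropped by the sanitizer.
final NodeValidator commentValidator = NodeValidatorBuilder()
  ..allowTextElements();

/// Renders untrusted comment markup into [target] under [commentValidator]
/// and returns the markup that actually survived sanitization.
String renderComment(Element target, String untrustedHtml) {
  target.setInnerHtml(untrustedHtml, validator: commentValidator);
  return target.innerHtml ?? '';
}

void main() {
  // Constructed sample input: formatting we want, plus content we do not.
  const sample = '<p>Hello <b>world</b> '
      '<video src="/clip.mp4"></video>'
      '<span style="color:red" onclick="x()">!</span></p>';
  final box = DivElement();
  final kept = renderComment(box, sample);
  // <p>, <b> and <span> survive; <video> is removed entirely, and the
  // style/onclick attributes on <span> are stripped because
  // allowTextElements permits no attributes at all.
  print(kept);
  assert(!kept.contains('video'));
  assert(!kept.contains('onclick'));
}
```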

Constructors

NodeValidatorBuilder()

NodeValidatorBuilder()
Implementation
dart
NodeValidatorBuilder() {}

NodeValidatorBuilder.common()

NodeValidatorBuilder.common()

Creates a new NodeValidatorBuilder which accepts common constructs.

By default this will accept HTML5 elements and attributes with the default UriPolicy and templating elements.

Notable syntax which is filtered:

  • Only known-good HTML5 elements and attributes are allowed.
  • All URLs must be same-origin; use allowNavigation and allowImages to specify additional URI policies.
  • Inline styles are not allowed.
  • Custom element tags are disallowed; use allowCustomElement.
  • Custom tag extensions are disallowed; use allowTagExtension.
  • SVG elements are not allowed; use allowSvg.

For scenarios where the HTML should only contain formatted text allowTextElements is more appropriate.

Use allowSvg to allow SVG elements.

Implementation
dart
NodeValidatorBuilder.common() {
  allowHtml5();
  allowTemplating();
}

Properties

hashCode no setter inherited

int get hashCode

The hash code for this object.

A hash code is a single integer which represents the state of the object that affects operator == comparisons.

All objects have hash codes. The default hash code implemented by Object represents only the identity of the object, the same way as the default operator == implementation only considers objects equal if they are identical (see identityHashCode).

If operator == is overridden to use the object state instead, the hash code must also be changed to represent that state; otherwise the object cannot be used in hash-based data structures like the default Set and Map implementations.

Hash codes must be the same for objects that are equal to each other according to operator ==. The hash code of an object should only change if the object changes in a way that affects equality. There are no further requirements for the hash codes. They need not be consistent between executions of the same program and there are no distribution guarantees.

Objects that are not equal are allowed to have the same hash code. It is even technically allowed that all instances have the same hash code, but if clashes happen too often, it may reduce the efficiency of hash-based data structures like HashSet or HashMap.

If a subclass overrides hashCode, it should override the operator == operator as well to maintain consistency.

Inherited from Object.

Implementation
dart
external int get hashCode;

runtimeType no setter inherited

Type get runtimeType

A representation of the runtime type of the object.

Inherited from Object.

Implementation
dart
external Type get runtimeType;

Methods

add()

void add(NodeValidator validator)

Add an additional validator to the current list of validators.

Elements and attributes will be accepted if they are accepted by any validators.

Implementation
dart
void add(NodeValidator validator) {
  _validators.add(validator);
}

allowCustomElement()

void allowCustomElement(
  String tagName, {
  UriPolicy? uriPolicy,
  Iterable<String>? attributes,
  Iterable<String>? uriAttributes,
})

Allow custom elements with the specified tag name and specified attributes.

This will allow the elements as custom tags (such as <x-foo></x-foo>), but will not allow tag extensions. Use allowTagExtension to allow tag extensions.

Implementation
dart
void allowCustomElement(
  String tagName, {
  UriPolicy? uriPolicy,
  Iterable<String>? attributes,
  Iterable<String>? uriAttributes,
}) {
  var tagNameUpper = tagName.toUpperCase();
  var attrs = attributes?.map<String>(
    (name) => '$tagNameUpper::${name.toLowerCase()}',
  );
  var uriAttrs = uriAttributes?.map<String>(
    (name) => '$tagNameUpper::${name.toLowerCase()}',
  );
  if (uriPolicy == null) {
    uriPolicy = new UriPolicy();
  }

  add(
    new _CustomElementNodeValidator(
      uriPolicy,
      [tagNameUpper],
      attrs,
      uriAttrs,
      false,
      true,
    ),
  );
}
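As an added example (not from the dart:html documentation), a custom element allowed on top of the common policy, with a custom UriPolicy on its URI attribute so that only one assumed host may supply avatar images. The `AvatarHostPolicy` class, the `x-user-card` element, its attributes and the `avatars.example.test` host are constructed for this illustration.

```dart
import 'dart:html';

/// Constructed UriPolicy: accepts only absolute https URLs on one assumed
/// host. Relative URLs are rejected too, so the same-origin default that
/// UriPolicy() would give us does not apply to this attribute.
class AvatarHostPolicy implements UriPolicy {
  static const allowedHost = 'avatars.example.test'; // assumed host

  @override
  bool allowsUri(String uri) {
    final parsed = Uri.tryParse(uri);
    if (parsed == null || !parsed.hasScheme) return false;
    return parsed.scheme == 'https' && parsed.host == allowedHost;
  }
}

/// Common HTML plus one custom element. The builder stores the attribute
/// rules as 'X-USER-CARD::name' and 'X-USER-CARD::avatar', so the tag and
/// attribute names are matched case-insensitively.
final NodeValidator cardValidator = NodeValidatorBuilder.common()
  ..allowCustomElement(
    'x-user-card',
    attributes: ['name'],        // plain attribute, any value accepted
    uriAttributes: ['avatar'],   // value must pass AvatarHostPolicy
    uriPolicy: AvatarHostPolicy(),
  );

void main() {
  final host = DivElement()
    ..setInnerHtml(
      // Constructed input: one card with an acceptable avatar URL, one
      // whose avatar points at another host and carries an undeclared
      // 'plan' attribute.
      '<x-user-card name="Ada" avatar="https://avatars.example.test/ada.png">'
      '</x-user-card>'
      '<x-user-card name="Bob" avatar="https://other.example.test/b.png" '
      'plan="pro"></x-user-card>',
      validator: cardValidator,
    );
  final cards = host.querySelectorAll('x-user-card');
  // First card keeps both attributes; second keeps only 'name', because
  // its avatar fails the policy and 'plan' was never allowed.
  print(cards[0].attributes);
  print(cards[1].attributes);
  assert(cards[0].attributes.containsKey('avatar'));
  assert(!cards[1].attributes.containsKey('avatar'));
  assert(!cards[1].attributes.containsKey('plan'));
}
```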

allowElement()

void allowElement(
  String tagName, {
  UriPolicy? uriPolicy,
  Iterable<String>? attributes,
  Iterable<String>? uriAttributes,
})
Implementation
dart
void allowElement(
  String tagName, {
  UriPolicy? uriPolicy,
  Iterable<String>? attributes,
  Iterable<String>? uriAttributes,
}) {
  allowCustomElement(
    tagName,
    uriPolicy: uriPolicy,
    attributes: attributes,
    uriAttributes: uriAttributes,
  );
}

allowHtml5()

void allowHtml5({UriPolicy? uriPolicy})

Allow common safe HTML5 elements and attributes.

This list is based on the Caja whitelists at: https://code.google.com/p/google-caja/wiki/CajaWhitelists.

Common things which are not allowed are script elements, style attributes and any script handlers.

Implementation
dart
void allowHtml5({UriPolicy? uriPolicy}) {
  add(new _Html5NodeValidator(uriPolicy: uriPolicy));
}

allowImages()

void allowImages([UriPolicy? uriPolicy])

Allows image elements.

The UriPolicy can be used to restrict the locations the images may be loaded from. By default this will use the default UriPolicy.

Implementation
dart
void allowImages([UriPolicy? uriPolicy]) {
  if (uriPolicy == null) {
    uriPolicy = new UriPolicy();
  }
  add(new _SimpleNodeValidator.allowImages(uriPolicy));
}

allowInlineStyles()

void allowInlineStyles({String? tagName})

Allow inline styles on elements.

If tagName is not specified then this allows inline styles on all elements. Otherwise tagName limits the styles to the specified elements.

Implementation
dart
void allowInlineStyles({String? tagName}) {
  if (tagName == null) {
    tagName = '*';
  } else {
    tagName = tagName.toUpperCase();
  }
  add(new _SimpleNodeValidator(null, allowedAttributes: ['$tagName::style']));
}

allowNavigation()

void allowNavigation([UriPolicy? uriPolicy])

Allows navigation elements: form and anchor tags, along with common attributes.

The UriPolicy can be used to restrict the locations the navigation elements are allowed to direct to. By default this will use the default UriPolicy.

Implementation
dart
void allowNavigation([UriPolicy? uriPolicy]) {
  if (uriPolicy == null) {
    uriPolicy = new UriPolicy();
  }
  add(new _SimpleNodeValidator.allowNavigation(uriPolicy));
}

allowsAttribute() override

bool allowsAttribute(Element element, String attributeName, String value)

Returns true if the attribute is allowed.

The attributeName parameter will always be in lowercase.

See allowsElement for format of tagName.

Implementation
dart
bool allowsAttribute(Element element, String attributeName, String value) {
  return _validators.any(
    (v) => v.allowsAttribute(element, attributeName, value),
  );
}

allowsElement() override

bool allowsElement(Element element)

Returns true if the tagName is an accepted type.

Implementation
dart
bool allowsElement(Element element) {
  return _validators.any((v) => v.allowsElement(element));
}

allowSvg()

void allowSvg()

Allow SVG elements and attributes except for known bad ones.

Implementation
dart
void allowSvg() {
  add(new _SvgNodeValidator());
}

allowTagExtension()

void allowTagExtension(
  String tagName,
  String baseName, {
  UriPolicy? uriPolicy,
  Iterable<String>? attributes,
  Iterable<String>? uriAttributes,
})

Allow custom tag extensions with the specified type name and specified attributes.

This will allow tag extensions, but will not allow custom tags. Use allowCustomElement to allow custom tags.

Implementation
dart
void allowTagExtension(
  String tagName,
  String baseName, {
  UriPolicy? uriPolicy,
  Iterable<String>? attributes,
  Iterable<String>? uriAttributes,
}) {
  var baseNameUpper = baseName.toUpperCase();
  var tagNameUpper = tagName.toUpperCase();
  var attrs = attributes?.map<String>(
    (name) => '$baseNameUpper::${name.toLowerCase()}',
  );
  var uriAttrs = uriAttributes?.map<String>(
    (name) => '$baseNameUpper::${name.toLowerCase()}',
  );
  if (uriPolicy == null) {
    uriPolicy = new UriPolicy();
  }

  add(
    new _CustomElementNodeValidator(
      uriPolicy,
      [tagNameUpper, baseNameUpper],
      attrs,
      uriAttrs,
      true,
      false,
    ),
  );
}

allowTemplating()

void allowTemplating()

Allow templating elements (such as <template>) and template-related attributes.

This still requires other validators to allow regular attributes to be bound (such as allowHtml5).

Implementation
dart
void allowTemplating() {
  add(new _TemplatingNodeValidator());
}

allowTextElements()

void allowTextElements()

Allow basic text elements.

This allows a subset of HTML5 elements, specifically just these tags and no attributes.

  • B
  • BLOCKQUOTE
  • BR
  • EM
  • H1
  • H2
  • H3
  • H4
  • H5
  • H6
  • HR
  • I
  • LI
  • OL
  • P
  • SPAN
  • UL

Implementation
dart
void allowTextElements() {
  add(new _SimpleNodeValidator.allowTextElements());
}

noSuchMethod() inherited

dynamic noSuchMethod(Invocation invocation)

Invoked when a nonexistent method or property is accessed.

A dynamic member invocation can attempt to call a member which doesn't exist on the receiving object. Example:

dart
dynamic object = 1;
object.add(42); // Statically allowed, run-time error

This invalid code will invoke the noSuchMethod method of the integer 1 with an Invocation representing the .add(42) call and arguments (which then throws).

Classes can override noSuchMethod to provide custom behavior for such invalid dynamic invocations.

A class with a non-default noSuchMethod invocation can also omit implementations for members of its interface. Example:

dart
class MockList<T> implements List<T> {
  noSuchMethod(Invocation invocation) {
    log(invocation);
    super.noSuchMethod(invocation); // Will throw.
  }
}
void main() {
  MockList().add(42);
}

This code has no compile-time warnings or errors even though the MockList class has no concrete implementation of any of the List interface methods. Calls to List methods are forwarded to noSuchMethod, so this code will log an invocation similar to Invocation.method(#add, [42]) and then throw.

If a value is returned from noSuchMethod, it becomes the result of the original invocation. If the value is not of a type that can be returned by the original invocation, a type error occurs at the invocation.

The default behavior is to throw a NoSuchMethodError.

Inherited from Object.

Implementation
dart
@pragma("vm:entry-point")
@pragma("wasm:entry-point")
external dynamic noSuchMethod(Invocation invocation);

toString() inherited

String toString()

A string representation of this object.

Some classes have a default textual representation, often paired with a static parse function (like int.parse). These classes will provide the textual representation as their string representation.

Other classes have no meaningful textual representation that a program will care about. Such classes will typically override toString to provide useful information when inspecting the object, mainly for debugging or logging.

Inherited from Object.

Implementation
dart
external String toString();

Operators

operator ==() inherited

bool operator ==(Object other)

The equality operator.

The default behavior for all Objects is to return true if and only if this object and other are the same object.

Override this method to specify a different equality relation on a class. The overriding method must still be an equivalence relation. That is, it must be:

  • Total: It must return a boolean for all arguments. It should never throw.

  • Reflexive: For all objects o, o == o must be true.

  • Symmetric: For all objects o1 and o2, o1 == o2 and o2 == o1 must either both be true, or both be false.

  • Transitive: For all objects o1, o2, and o3, if o1 == o2 and o2 == o3 are true, then o1 == o3 must be true.

The method should also be consistent over time, so whether two objects are equal should only change if at least one of the objects was modified.

If a subclass overrides the equality operator, it should override the hashCode method as well to maintain consistency.

Inherited from Object.

Implementation
dart
external bool operator ==(Object other);