NodeValidatorBuilder#
Class which helps construct standard node validation policies.
By default this will not accept anything, but the allow* functions can be used to expand what types of elements or attributes are allowed.
All allow functions are additive: an element or attribute is accepted if any rule accepts it. Adding a validator can therefore only widen the policy, never narrow it; to get a stricter policy, start from an empty builder and add fewer rules.
It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example, something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.
Implemented types: NodeValidator
Constructors#
NodeValidatorBuilder()#
Implementation
NodeValidatorBuilder() {}
NodeValidatorBuilder.common()#
Creates a new NodeValidatorBuilder which accepts common constructs.
This accepts HTML5 elements and attributes, using the default (same-origin) UriPolicy, plus templating elements.
Notable syntax which is filtered:
- Only known-good HTML5 elements and attributes are allowed.
- All URLs must be same-origin; use allowNavigation and allowImages to specify additional URI policies.
- Inline styles are not allowed; use allowInlineStyles.
- Custom element tags are disallowed; use allowCustomElement.
- Custom tag extensions are disallowed; use allowTagExtension.
- SVG elements are not allowed; use allowSvg.
For scenarios where the HTML should only contain formatted text, allowTextElements is more appropriate.
Implementation
NodeValidatorBuilder.common() {
allowHtml5();
allowTemplating();
}
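The two policies contrasted above, a text-only builder and NodeValidatorBuilder.common() with navigation and images added, run over the same untrusted markup. This is an added example, not code from the SDK documentation; it assumes a browser environment (dart:html does not run anywhere else), and the untrusted snippet is constructed for the demonstration. Because NodeValidatorBuilder implements NodeValidator, the builder itself is passed to Element.setInnerHtml.

```dart
import 'dart:html';

// Added example (not from the SDK docs). Sanitizes a constructed,
// attacker-controlled snippet under two policies built with
// NodeValidatorBuilder. Assumes a browser environment.

/// Formatted text only: the allowTextElements tag list and no attributes.
final NodeValidator textOnly = NodeValidatorBuilder()..allowTextElements();

/// The HTML5 allowlist plus links and images, both restricted by the
/// default UriPolicy (same-origin as the current document).
final NodeValidator commonWithLinks = NodeValidatorBuilder.common()
  ..allowNavigation()
  ..allowImages();

/// Sanitizes [untrusted] under [policy] and returns the surviving markup.
String sanitize(String untrusted, NodeValidator policy) {
  final box = DivElement();
  // setInnerHtml runs the validator over every element and attribute of
  // the parsed fragment before any node reaches the live document.
  box.setInnerHtml(untrusted, validator: policy);
  return box.innerHtml ?? '';
}

void main() {
  // Constructed untrusted input: event handlers, a script, a cross-origin
  // link, an image and a video mixed into ordinary formatted text.
  const untrusted = '<p onclick="alert(1)">Hi <b>there</b>'
      '<a href="https://attacker.example/">link</a>'
      '<img src="/logo.png" onerror="alert(2)">'
      '<video src="/movie.mp4"></video>'
      '<script>alert(3)</script></p>';

  // onclick, onerror and <script> are rejected by both policies.
  // textOnly additionally drops <a>, <img> and <video> entirely;
  // commonWithLinks keeps <img src="/logo.png"> (same-origin) but the
  // cross-origin href fails the default UriPolicy.
  print('text only : ${sanitize(untrusted, textOnly)}');
  print('common    : ${sanitize(untrusted, commonWithLinks)}');
}
```

Build the policy once and reuse it; each call to setInnerHtml re-parses and re-validates its input, so the cost is per fragment, not per policy.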
Properties#
hashCode no setter inherited#
The hash code for this object.
A hash code is a single integer which represents the state of the object that affects operator == comparisons.
All objects have hash codes. The default hash code implemented by Object represents only the identity of the object, the same way as the default operator == implementation only considers objects equal if they are identical (see identityHashCode).
If operator == is overridden to use the object state instead, the hash code must also be changed to represent that state, otherwise the object cannot be used in hash based data structures like the default Set and Map implementations.
Hash codes must be the same for objects that are equal to each other according to operator ==. The hash code of an object should only change if the object changes in a way that affects equality. There are no further requirements for the hash codes. They need not be consistent between executions of the same program and there are no distribution guarantees.
Objects that are not equal are allowed to have the same hash code. It is even technically allowed that all instances have the same hash code, but if clashes happen too often, it may reduce the efficiency of hash-based data structures like HashSet or HashMap.
If a subclass overrides hashCode, it should override the operator == operator as well to maintain consistency.
Inherited from Object.
Implementation
external int get hashCode;
runtimeType no setter inherited#
A representation of the runtime type of the object.
Inherited from Object.
Implementation
external Type get runtimeType;
Methods#
add()#
Add an additional validator to the current list of validators.
Elements and attributes will be accepted if they are accepted by any of the validators, so an added validator can only widen the policy; it cannot veto what another validator already accepts.
Implementation
void add(NodeValidator validator) {
_validators.add(validator);
}
allowCustomElement()#
Allow custom elements with the specified tag name and specified attributes.
This will allow the elements as custom tags (such as <x-foo></x-foo>), but will not allow tag extensions. Use allowTagExtension to allow tag extensions.
Implementation
void allowCustomElement(
String tagName, {
UriPolicy? uriPolicy,
Iterable<String>? attributes,
Iterable<String>? uriAttributes,
}) {
var tagNameUpper = tagName.toUpperCase();
var attrs = attributes?.map<String>(
(name) => '$tagNameUpper::${name.toLowerCase()}',
);
var uriAttrs = uriAttributes?.map<String>(
(name) => '$tagNameUpper::${name.toLowerCase()}',
);
if (uriPolicy == null) {
uriPolicy = new UriPolicy();
}
add(
new _CustomElementNodeValidator(
uriPolicy,
[tagNameUpper],
attrs,
uriAttrs,
false,
true,
),
);
}
allowElement()#
Allow the element with the specified tag name and specified attributes. This delegates to allowCustomElement with the same arguments.
Implementation
void allowElement(
String tagName, {
UriPolicy? uriPolicy,
Iterable<String>? attributes,
Iterable<String>? uriAttributes,
}) {
allowCustomElement(
tagName,
uriPolicy: uriPolicy,
attributes: attributes,
uriAttributes: uriAttributes,
);
}
allowHtml5()#
Allow common safe HTML5 elements and attributes.
This list is based off of the Caja whitelists at: https://code.google.com/p/google-caja/wiki/CajaWhitelists.
Common things which are not allowed are script elements, style attributes and any event-handler attributes (on*).
Implementation
void allowHtml5({UriPolicy? uriPolicy}) {
add(new _Html5NodeValidator(uriPolicy: uriPolicy));
}
allowImages()#
Allows image elements.
The UriPolicy can be used to restrict the locations the images may be loaded from. By default this will use the default UriPolicy.
Implementation
void allowImages([UriPolicy? uriPolicy]) {
if (uriPolicy == null) {
uriPolicy = new UriPolicy();
}
add(new _SimpleNodeValidator.allowImages(uriPolicy));
}
allowInlineStyles()#
Allow inline styles on elements.
If tagName is not specified then this allows inline styles on all elements. Otherwise tagName limits the styles to the specified elements.
Implementation
void allowInlineStyles({String? tagName}) {
if (tagName == null) {
tagName = '*';
} else {
tagName = tagName.toUpperCase();
}
add(new _SimpleNodeValidator(null, allowedAttributes: ['$tagName::style']));
}
allowNavigation()#
Allows navigation elements- Form and Anchor tags, along with common attributes.
The UriPolicy can be used to restrict the locations the navigation elements are allowed to direct to. By default this will use the default UriPolicy.
Implementation
void allowNavigation([UriPolicy? uriPolicy]) {
if (uriPolicy == null) {
uriPolicy = new UriPolicy();
}
add(new _SimpleNodeValidator.allowNavigation(uriPolicy));
}
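The default UriPolicy used by allowNavigation and allowImages (and by allowCustomElement when no policy is given) only accepts same-origin URLs. When content legitimately references a small set of external hosts, a custom UriPolicy is the way to widen that. The following is an added example, not SDK code: a hypothetical host allowlist policy applied to navigation, images and the URI attribute of a made-up custom element. It assumes a browser environment; the host names are invented.

```dart
import 'dart:html';

// Added example, not part of the SDK docs. Replaces the default
// same-origin UriPolicy with an explicit https host allowlist and uses
// it for links, images and a custom element's URI attribute.
// Assumes a browser environment; host names are made up.

class HostAllowlistPolicy implements UriPolicy {
  final Set<String> allowedHosts;
  HostAllowlistPolicy(this.allowedHosts);

  @override
  bool allowsUri(String uri) {
    final parsed = Uri.tryParse(uri);
    if (parsed == null) return false;
    // Resolve relative references against the document URL (Uri.base) so
    // that protocol-relative forms such as //other.example/x are judged
    // by the host they really point at, not treated as same-origin.
    final resolved = Uri.base.resolveUri(parsed);
    // Only web schemes: this rejects javascript:, data:, blob:, file: ...
    if (resolved.scheme != 'http' && resolved.scheme != 'https') return false;
    // Keep the default policy's behaviour for same-origin URLs.
    if (resolved.origin == Uri.base.origin) return true;
    // External hosts must be on the allowlist and use https.
    return resolved.scheme == 'https' &&
        allowedHosts.contains(resolved.host.toLowerCase());
  }
}

final UriPolicy policy = HostAllowlistPolicy({'cdn.example', 'docs.example'});

final NodeValidator validator = NodeValidatorBuilder.common()
  ..allowNavigation(policy)
  ..allowImages(policy)
  // Hypothetical custom element <x-avatar src="..." size="..."> whose src
  // attribute is a URL and so must go through the same policy.
  ..allowCustomElement('x-avatar',
      uriPolicy: policy, attributes: ['size'], uriAttributes: ['src']);

String sanitize(String html) =>
    (DivElement()..setInnerHtml(html, validator: validator)).innerHtml ?? '';

void main() {
  // Constructed untrusted input covering the cases the policy decides on.
  const untrusted = '<a href="https://docs.example/guide">allowed host</a>'
      '<a href="//attacker.example/">protocol-relative</a>'
      '<a href="javascript:alert(1)">scheme smuggling</a>'
      '<img src="http://cdn.example/a.png">' // right host, wrong scheme
      '<img src="https://cdn.example/a.png">'
      '<x-avatar src="https://cdn.example/u.png" size="32"></x-avatar>';
  print(sanitize(untrusted));
}
```

Uri.origin throws for non-http(s) schemes, which is why the scheme check precedes the origin comparison. Keep the allowlist to exact host names; a suffix match such as endsWith('.example') also matches attacker-controlled subdomains if any are delegated.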
allowsAttribute() override#
Returns true if any of the added validators accepts the attribute.
The attributeName parameter will always be in lowercase.
Implementation
bool allowsAttribute(Element element, String attributeName, String value) {
return _validators.any(
(v) => v.allowsAttribute(element, attributeName, value),
);
}
allowsElement() override#
Returns true if the tagName is an accepted type.
Implementation
bool allowsElement(Element element) {
return _validators.any((v) => v.allowsElement(element));
}
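The add() method and the two override methods above are the extension point for rules the built-in allow* functions do not cover. As an added example (not SDK code, and assuming a browser environment), here is a hand-written NodeValidator that admits <pre> and <code> with a class attribute of the form language-<token>, combined with allowTextElements through add(). A second, deny-everything validator is added as well to show the additive semantics: it changes nothing, because a node survives as soon as any rule accepts it.

```dart
import 'dart:html';

// Added example, not from the SDK docs: a custom NodeValidator registered
// through NodeValidatorBuilder.add(), plus a demonstration that rules
// are additive. Assumes a browser environment.

/// Accepts <pre> and <code>, and on them only a class attribute matching
/// language-<token>, as emitted by common syntax highlighters.
class CodeBlockValidator implements NodeValidator {
  static final _langClass = RegExp(r'^language-[a-z0-9+#-]+$');

  @override
  bool allowsElement(Element element) {
    // HTML elements report upper-case tag names in dart:html.
    final tag = element.tagName;
    return tag == 'PRE' || tag == 'CODE';
  }

  @override
  bool allowsAttribute(Element element, String attributeName, String value) {
    // attributeName is always lower-case when the sanitizer calls this.
    return allowsElement(element) &&
        attributeName == 'class' &&
        _langClass.hasMatch(value);
  }
}

/// Accepts nothing. Added only to show that it cannot veto other rules.
class DenyAll implements NodeValidator {
  @override
  bool allowsElement(Element element) => false;

  @override
  bool allowsAttribute(Element element, String name, String value) => false;
}

final NodeValidator validator = NodeValidatorBuilder()
  ..allowTextElements()
  ..add(CodeBlockValidator())
  ..add(DenyAll()); // no effect: any accepting rule wins

String sanitize(String html) =>
    (DivElement()..setInnerHtml(html, validator: validator)).innerHtml ?? '';

void main() {
  // Constructed untrusted input.
  const untrusted = '<p>Run:</p>'
      '<pre><code class="language-sh">ls -la</code></pre>' // kept as is
      '<code class="language-sh" onclick="alert(1)">x</code>' // onclick dropped
      '<code class="hljs evil">y</code>'; // class dropped, element kept
  print(sanitize(untrusted));
}
```

Because DenyAll has no effect, a restriction such as "no <code> inside <blockquote>" cannot be expressed by adding a validator; it has to be built into the accepting rule itself (here, by inspecting element.parent in allowsElement).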
allowSvg()#
Allow SVG elements and attributes except for known bad ones.
Implementation
void allowSvg() {
add(new _SvgNodeValidator());
}
allowTagExtension()#
Allow custom tag extensions with the specified type name and specified attributes.
This will allow tag extensions (a built-in element extended through its is attribute, where baseName is the built-in tag and tagName is the extension type), but will not allow custom tags. Use allowCustomElement to allow custom tags.
Implementation
void allowTagExtension(
String tagName,
String baseName, {
UriPolicy? uriPolicy,
Iterable<String>? attributes,
Iterable<String>? uriAttributes,
}) {
var baseNameUpper = baseName.toUpperCase();
var tagNameUpper = tagName.toUpperCase();
var attrs = attributes?.map<String>(
(name) => '$baseNameUpper::${name.toLowerCase()}',
);
var uriAttrs = uriAttributes?.map<String>(
(name) => '$baseNameUpper::${name.toLowerCase()}',
);
if (uriPolicy == null) {
uriPolicy = new UriPolicy();
}
add(
new _CustomElementNodeValidator(
uriPolicy,
[tagNameUpper, baseNameUpper],
attrs,
uriAttrs,
true,
false,
),
);
}
allowTemplating()#
Allow templating elements (such as <template>) and template-related attributes.
This still requires other validators to allow regular attributes to be bound (such as allowHtml5).
Implementation
void allowTemplating() {
add(new _TemplatingNodeValidator());
}
allowTextElements()#
Allow basic text elements.
This allows a subset of HTML5 elements, specifically just these tags and no attributes.
- B
- BLOCKQUOTE
- BR
- EM
- H1
- H2
- H3
- H4
- H5
- H6
- HR
- I
- LI
- OL
- P
- SPAN
- UL
Implementation
void allowTextElements() {
add(new _SimpleNodeValidator.allowTextElements());
}
noSuchMethod() inherited#
Invoked when a nonexistent method or property is accessed.
A dynamic member invocation can attempt to call a member which doesn't exist on the receiving object. Example:
dynamic object = 1;
object.add(42); // Statically allowed, run-time error
This invalid code will invoke the noSuchMethod method of the integer 1 with an Invocation representing the .add(42) call and arguments (which then throws).
Classes can override noSuchMethod to provide custom behavior for such invalid dynamic invocations.
A class with a non-default noSuchMethod invocation can also omit implementations for members of its interface. Example:
class MockList<T> implements List<T> {
noSuchMethod(Invocation invocation) {
log(invocation);
super.noSuchMethod(invocation); // Will throw.
}
}
void main() {
MockList().add(42);
}
This code has no compile-time warnings or errors even though the MockList class has no concrete implementation of any of the List interface methods.
Calls to List methods are forwarded to noSuchMethod, so this code will log an invocation similar to Invocation.method(#add, [42]) and then throw.
If a value is returned from noSuchMethod,
it becomes the result of the original invocation.
If the value is not of a type that can be returned by the original
invocation, a type error occurs at the invocation.
The default behavior is to throw a NoSuchMethodError.
Inherited from Object.
Implementation
@pragma("vm:entry-point")
@pragma("wasm:entry-point")
external dynamic noSuchMethod(Invocation invocation);
toString() inherited#
A string representation of this object.
Some classes have a default textual representation, often paired with a static parse function (like int.parse). These classes will provide the textual representation as their string representation.
Other classes have no meaningful textual representation that a program will care about. Such classes will typically override toString to provide useful information when inspecting the object, mainly for debugging or logging.
Inherited from Object.
Implementation
external String toString();
Operators#
operator ==() inherited#
The equality operator.
The default behavior for all Objects is to return true if and
only if this object and other are the same object.
Override this method to specify a different equality relation on a class. The overriding method must still be an equivalence relation. That is, it must be:
- Total: It must return a boolean for all arguments. It should never throw.
- Reflexive: For all objects o, o == o must be true.
- Symmetric: For all objects o1 and o2, o1 == o2 and o2 == o1 must either both be true, or both be false.
- Transitive: For all objects o1, o2, and o3, if o1 == o2 and o2 == o3 are true, then o1 == o3 must be true.
The method should also be consistent over time, so whether two objects are equal should only change if at least one of the objects was modified.
If a subclass overrides the equality operator, it should override the hashCode method as well to maintain consistency.
Inherited from Object.
Implementation
external bool operator ==(Object other);