NodeValidatorBuilder class

Class which helps construct standard node validation policies.

Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive- elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.

Implements:

Constructors

NodeValidatorBuilder ( )
NodeValidatorBuilder.common ( )
Creates a new NodeValidatorBuilder which accepts common constructs.

Instance Methods

allowNavigation ( [UriPolicy uriPolicy] ) → void
Allows navigation elements- Form and Anchor tags, along with common attributes.
allowImages ( [UriPolicy uriPolicy] ) → void
Allows image elements.
allowTextElements ( ) → void
Allow basic text elements.
allowInlineStyles ( {String tagName} ) → void
Allow inline styles on elements.
allowHtml5 ( {UriPolicy uriPolicy} ) → void
Allow common safe HTML5 elements and attributes.
allowSvg ( ) → void
Allow SVG elements and attributes except for known bad ones.
allowCustomElement ( String tagName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes} ) → void
Allow custom elements with the specified tag name and specified attributes.
allowTagExtension ( String tagName, String baseName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes} ) → void
Allow custom tag extensions with the specified type name and specified attributes.
allowElement ( String tagName, {UriPolicy uriPolicy, Iterable<String> attributes, Iterable<String> uriAttributes} ) → void
allowTemplating ( ) → void
Allow templating elements (such as <template> and template-related attributes.
add ( NodeValidator validator ) → void
Add an additional validator to the current list of validators.
allowsElement ( Element element ) → bool
Returns true if the tagName is an accepted type.
allowsAttribute ( Element element, String attributeName, String value ) → bool
Returns true if the attribute is allowed.