NodeValidatorBuilder class

Class which helps construct standard node validation policies.

By default this will not accept anything, but the 'allow*' functions can be used to expand what types of elements or attributes are allowed.

All allow functions are additive- elements will be accepted if they are accepted by any specific rule.

It is important to remember that sanitization is not just intended to prevent cross-site scripting attacks, but also to prevent information from being displayed in unexpected ways. For example something displaying basic formatted text may not expect <video> tags to appear. In this case an empty NodeValidatorBuilder with just allowTextElements might be appropriate.

Implemented types


Creates a new NodeValidatorBuilder which accepts common constructs.


hashCode int
The hash code for this object.
no setterinherited
runtimeType Type
A representation of the runtime type of the object.
no setterinherited


add(NodeValidator validator) → void
Add an additional validator to the current list of validators.
allowCustomElement(String tagName, {UriPolicy? uriPolicy, Iterable<String>? attributes, Iterable<String>? uriAttributes}) → void
Allow custom elements with the specified tag name and specified attributes.
allowElement(String tagName, {UriPolicy? uriPolicy, Iterable<String>? attributes, Iterable<String>? uriAttributes}) → void
allowHtml5({UriPolicy? uriPolicy}) → void
Allow common safe HTML5 elements and attributes.
allowImages([UriPolicy? uriPolicy]) → void
Allows image elements.
allowInlineStyles({String? tagName}) → void
Allow inline styles on elements.
allowNavigation([UriPolicy? uriPolicy]) → void
Allows navigation elements- Form and Anchor tags, along with common attributes.
allowsAttribute(Element element, String attributeName, String value) bool
Returns true if the attribute is allowed.
allowsElement(Element element) bool
Returns true if the tagName is an accepted type.
allowSvg() → void
Allow SVG elements and attributes except for known bad ones.
allowTagExtension(String tagName, String baseName, {UriPolicy? uriPolicy, Iterable<String>? attributes, Iterable<String>? uriAttributes}) → void
Allow custom tag extensions with the specified type name and specified attributes.
allowTemplating() → void
Allow templating elements (such as
allowTextElements() → void
Allow basic text elements.
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
toString() String
A string representation of this object.


operator ==(Object other) bool
The equality operator.