Returns a Filter that can test if the path in attribute
is external to
all of the allowed
uris.
The Filter return true
if the uri in attribute
is invalid or external
to all of the uris in allowed
.
The Filter returns false
for any of the following conditions:
- the
attribute
is missing; - the uri is
null
; - the uri is relative to all uris;
- the scheme in the uri is
data
orjavascript
; - when the uri is resolved from any of the
allowed
uris, its path starts with that allowed uri.
Source
static Filter external(String attribute, {Iterable<String> allowed}) { var allowedUris = allowed == null ? const [] : new List.from(allowed); return (t, o) { var uri = o[attribute]; if (uri == null) return false; if (!isValid(uri)) return true; if (isRelative(uri) || ['data', 'javascript'].contains(Uri.parse(uri).scheme)) { return false; } return !allowedUris .any((a) => Uri.parse(a).resolve(uri).toString().startsWith(a)); }; }