Sanitizer class
Experimental: This is an experimental technologyCheck the Browser compatibility table carefully before using this in production.Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The interface of the HTML Sanitizer API provides methods to
sanitize untrusted strings of HTML, Document and
DocumentFragment objects.
After sanitization, unwanted elements or attributes are
removed, and the returned objects can safely be inserted into a
document’s DOM.
A object is also used by the Element.setHTML() method to parse
and sanitize a string of HTML, and immediately insert it into an
element.
The default configuration strips out XSS-relevant input by
default, including <script> tags, custom elements, and
comments.
This configuration may be customized using constructor options.
- Available Extensions
- Annotations
-
- @JS()
- @staticInterop
Constructors
- Sanitizer([SanitizerConfig? config])
-
factory
Properties
- hashCode → int
-
The hash code for this object.
no setterinherited
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
Methods
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
toString(
) → String -
A string representation of this object.
inherited
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited