Function for sanitizing HTML to prevent XSS by restrict elements and attributes to a safe subset of allowed values.
HTML Sanitizer for Dart #
Disclaimer: This is not an officially supported Google product.
This package uses an HTML5 parser to build-up an in-memory DOM tree and filter elements and attributes, in-line with rules employed by Github when sanitizing GFM (Github Flavored Markdown).
<form>, and other elements that
could be used for XSS. This sanitizer is more strict than necessary to
guard against XSS as this sanitizer also attempts to prevent the sanitized
HTML from interfering with the page it is injected into.
For example, while it is possible to allow many CSS properties, this sanitizer does not allow any CSS. This creates a sanitizer that is easy to validate. These limitations are usually fine when sanitizing HTML from rendered markdown.