HTML Sanitizer for Dart
Disclaimer: This is not an officially supported Google product.
This package uses an HTML5 parser to build up an in-memory DOM tree and filter elements and attributes, in line with the rules employed by GitHub when sanitizing GFM (GitHub Flavored Markdown).
<form>, and other elements that
could be used for XSS. This sanitizer is more strict than necessary to
guard against XSS as this sanitizer also attempts to prevent the sanitized
HTML from interfering with the page it is injected into.
For example, while it is possible to allow many CSS properties, this sanitizer does not allow any CSS. This creates a sanitizer that is easy to validate. These limitations are usually fine when sanitizing HTML from rendered markdown.
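The filtering described above can be exercised as follows. This is an added example, not code from the package's README: it assumes the package's `sanitizeHtml` function with its `allowElementId` and `allowClassName` callbacks, and the sample input, the allowlists and the helper names `sanitizeForPage` and `leftovers` are constructed for illustration.

```dart
import 'package:sanitize_html/sanitize_html.dart' show sanitizeHtml;

// Constructed sample input: markdown-style HTML mixed with the kinds of
// content the description says are filtered.
const untrusted = '''
<h1 id="intro" class="heading injected">Release notes</h1>
<p style="position:fixed;top:0;left:0">Inline CSS that could cover the page</p>
<a href="https://example.com/" onclick="track()">A link</a>
<script>console.log("inline script")</script>
<form action="/login"><input name="password"></form>
''';

// Hypothetical allowlists for this example; by default no id or class is kept.
const allowedIds = {'intro'};
const allowedClasses = {'heading'};

/// Sanitizes [html], keeping only the ids and classes listed above.
String sanitizeForPage(String html) => sanitizeHtml(
      html,
      allowElementId: (id) => allowedIds.contains(id),
      allowClassName: (name) => allowedClasses.contains(name),
    );

/// Returns the markers from [forbidden] that still occur in [html].
List<String> leftovers(String html, List<String> forbidden) =>
    forbidden.where((marker) => html.contains(marker)).toList();

void main() {
  final strict = sanitizeHtml(untrusted); // default: ids and classes dropped
  final relaxed = sanitizeForPage(untrusted);
  print('strict:\n$strict\nrelaxed:\n$relaxed');

  // Markup that must not survive in either mode.
  const active = ['<script', '<form', 'onclick', 'style='];
  // 'injected' shares a class attribute with the allowed 'heading' class.
  final problems = [
    ...leftovers(strict, [...active, 'intro', 'heading']),
    ...leftovers(relaxed, [...active, 'injected']),
    if (!relaxed.contains('intro')) 'allowed id was dropped',
    if (!relaxed.contains('heading')) 'allowed class was dropped',
  ];
  if (problems.isNotEmpty) {
    throw StateError('unexpected sanitizer output: $problems');
  }
}
```

Keeping the id and class allowlists as small explicit sets limits how far sanitized content can pick up the host page's styles or collide with its element ids.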
- Only print self-closing tags for
This could cause <strong /> in HTML documents, which can be interpreted as an opening tag by HTML5 parsers, causing the HTML structure to break.
- Does not depend on universal_html, uses custom HTML rendering for the output.
- Allowed classes are kept, even if there are non-allowed classes present on the same element.
- Add options allowClassName to allow specific element ids and class names.
- Initial release.
Use this package as a library
1. Depend on it
Add this to your package's pubspec.yaml file:
dependencies:
  sanitize_html: ^1.3.0
2. Install it
You can install packages from the command line:
$ pub get
$ flutter pub get
Alternatively, your editor might support pub get or flutter pub get.
Check the docs for your editor to learn more.
3. Import it
Now in your Dart code, you can use:
We analyzed this package on Dec 11, 2019, and provided a score, details, and suggestions below. Analysis was completed with status completed using:
- Dart: 2.7.0
- pana: 0.13.1+4