Last updated:
0 purchases
sanitize html
HTML Sanitizer for Dart #
When embedding HTML from untrusted source in a website it is important to
sanitize the HTML to prevent injection of untrusted JavaScript (XSS exploits).
This package provides a simple function sanitizing HTML to prevent XSS exploits
and limit interference with other elements on the page.
Disclaimer: This is not an officially supported Google product.
This package uses an HTML5 parser to build-up an in-memory DOM tree and
filter elements and attributes, in-line with rules employed by GitHub
when sanitizing GFM (GitHub Flavored Markdown).
This removes all inline JavaScript, CSS, <form>, and other elements that
could be used for XSS. This sanitizer is more strict than necessary to
guard against XSS as this sanitizer also attempts to prevent the sanitized
HTML from interfering with the page it is injected into.
For example, while it is possible to allow many CSS properties, this
sanitizer does not allow any CSS. This creates a sanitizer that is easy to
validate. These limitations are usually fine when sanitizing HTML from rendered
markdown.
Example #
import 'package:sanitize_html/sanitize_html.dart' show sanitizeHtml;
void main() {
print(sanitizeHtml('<a href="javascript:alert();">evil link</a>'));
// Prints: <a>evil link</a>
// Which is a lot less evil :)
}
copied to clipboard
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
There are no reviews.