unsafe_html

Contents

Removed

Avoid unsafe HTML APIs.

NOTE: This lint is deprecated and will be removed in a future release. Remove all inclusions of this lint from your analysis options.

AVOID

assigning directly to the href field of an AnchorElement
assigning directly to the src field of an EmbedElement, IFrameElement, or ScriptElement
assigning directly to the srcdoc field of an IFrameElement
calling the createFragment method of Element
calling the open method of Window
calling the setInnerHtml method of Element
calling the Element.html constructor
calling the DocumentFragment.html constructor

BAD:

dart

var script = ScriptElement()..src = 'foo.js';

This rule has been removed.

To enable the unsafe_html rule, add unsafe_html under linter > rules in your analysis_options.yaml file:

analysis_options.yaml
yamllinter:
  rules:
    - unsafe_html

If you're instead using the YAML map syntax to configure linter rules, add unsafe_html: true under linter > rules:

analysis_options.yaml
yamllinter:
  rules:
    unsafe_html: true

Unless stated otherwise, the documentation on this site reflects Dart 3.6.0. Page last updated on 2025-01-27. View source or report an issue.

Details