unsafe_html

Contents

Avoid unsafe HTML APIs.

This rule is available as of Dart 2.4.0.

AVOID

assigning directly to the href field of an AnchorElement
assigning directly to the src field of an EmbedElement, IFrameElement, or ScriptElement
assigning directly to the srcdoc field of an IFrameElement
calling the createFragment method of Element
calling the open method of Window
calling the setInnerHtml method of Element
calling the Element.html constructor
calling the DocumentFragment.html constructor

BAD:

dart

var script = ScriptElement()..src = 'foo.js';

To enable the unsafe_html rule, add unsafe_html under linter > rules in your analysis_options.yaml file:

analysis_options.yaml
yamllinter:
  rules:
    - unsafe_html

Details