unsafe_html
Avoid unsafe HTML APIs.
This rule is available as of Dart 2.4.
Details
#AVOID
- assigning directly to the
href
field of an AnchorElement - assigning directly to the
src
field of an EmbedElement, IFrameElement, or ScriptElement - assigning directly to the
srcdoc
field of an IFrameElement - calling the
createFragment
method of Element - calling the
open
method of Window - calling the
setInnerHtml
method of Element - calling the
Element.html
constructor - calling the
DocumentFragment.html
constructor
BAD:
dart
var script = ScriptElement()..src = 'foo.js';
Usage
#To enable the unsafe_html
rule, add unsafe_html
under linter > rules in your analysis_options.yaml
file:
analysis_options.yaml
yaml
linter:
rules:
- unsafe_html
Unless stated otherwise, the documentation on this site reflects Dart 3.5.3. Page last updated on 2024-07-03. View source or report an issue.