目錄
目錄

Avoid unsafe HTML APIs.

This rule is available as of Dart 2.4.0.

Details

AVOID

  • assigning directly to the href field of an AnchorElement
  • assigning directly to the src field of an EmbedElement, IFrameElement, or ScriptElement
  • assigning directly to the srcdoc field of an IFrameElement
  • calling the createFragment method of Element
  • calling the open method of Window
  • calling the setInnerHtml method of Element
  • calling the Element.html constructor
  • calling the DocumentFragment.html constructor

BAD:

var script = ScriptElement()..src = 'foo.js';

Usage

To enable the unsafe_html rule, add unsafe_html under linter > rules in your analysis_options.yaml file:

linter:
  rules:
    - unsafe_html