Understanding Dart 1.11's new appendHTML sanitizing

梦谈多话 2021-01-14 07:52

I just upgraded to Dart 1.11 and I don't quite understand what's happening with .appendHTML(). I have a very large project using Dart and .appendHTML()

1 answer
  •  借酒劲吻你
    2021-01-14 08:15

    Creating your custom NodeTreeSanitizer is the way to go. Everywhere where text can be added to the DOM as HTML, sanitation is applied. It was just an oversight that sanitation wasn't done in .appendHTML(). The point is that you declare explicitly which elements can be added to the DOM and which attributes can be added to these elements. This is done to ensure that no malicious HTML or JS can be added to the page by mistake.

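The explicit allow-list the answer describes, as an added example that is not code from the question or the answer. It is written in Dart 1.x syntax against `dart:html`; the class `HttpsSameHostPolicy`, the functions `buildCommentValidator` and `renderComment`, the host `example.com` and the sample markup are all assumptions constructed for illustration.

```dart
import 'dart:html';

/// Hypothetical URI policy: accept only https links to one known host.
class HttpsSameHostPolicy implements UriPolicy {
  final String allowedHost;
  HttpsSameHostPolicy(this.allowedHost);

  @override
  bool allowsUri(String uri) {
    try {
      final parsed = Uri.parse(uri);
      return parsed.scheme == 'https' && parsed.host == allowedHost;
    } on FormatException {
      return false; // unparsable URIs are rejected, not passed through
    }
  }
}

/// Allow-list for user-supplied markup: basic text tags plus <a href>.
NodeValidatorBuilder buildCommentValidator() {
  return new NodeValidatorBuilder()
    // B, I, EM, P, SPAN, UL, LI and similar tags, with no attributes.
    ..allowTextElements()
    // 'href' is listed only under uriAttributes so that its value is
    // checked by the policy instead of being accepted as a plain attribute.
    ..allowElement('a',
        uriAttributes: ['href'],
        uriPolicy: new HttpsSameHostPolicy('example.com'));
}

/// Appends untrusted HTML to a fresh container through the validator.
/// Elements and attributes outside the allow-list are removed on insertion.
Element renderComment(String untrustedHtml) {
  return new DivElement()
    ..appendHtml(untrustedHtml, validator: buildCommentValidator());
}

void main() {
  // Constructed sample input mixing allowed and disallowed markup.
  final sample = '<p>See <a href="https://example.com/doc" '
      'onclick="track()">the doc</a> or '
      '<a href="javascript:void(0)">this</a>.</p>'
      '<script>console.log("inline")</script>';

  final rendered = renderComment(sample);
  document.body.append(rendered);
  // Inspect what survived: <p>, both <a> tags, and only the https href.
  print(rendered.innerHtml);
}
```

Because the same `NodeValidatorBuilder` can be passed to `setInnerHtml`, a large project can define it once and reuse it at every call site that inserts HTML.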