unsafe_html

Avoid unsafe HTML APIs.

NOTE: This lint is deprecated and will be removed in a future release. Remove all inclusions of this lint from your analysis options.

AVOID

• assigning directly to the href field of an AnchorElement
• assigning directly to the src field of an EmbedElement, IFrameElement, or ScriptElement
• assigning directly to the srcdoc field of an IFrameElement
• calling the createFragment method of Element
• calling the open method of Window
• calling the setInnerHtml method of Element
• calling the Element.html constructor
• calling the DocumentFragment.html constructor

BAD:

var script = ScriptElement()..src = 'foo.js';

This rule has been removed.

To enable the unsafe_html rule, add unsafe_html under linter > rules in your analysis_options.yaml file:

linter:
  rules:
    - unsafe_html

If you're instead using the YAML map syntax to configure linter rules, add unsafe_html: true under linter > rules:

linter:
  rules:
    unsafe_html: true