sanitizeHtml static method
Sanitiza texto para prevenir XSS
Implementation
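/// Strips a small denylist of script-bearing constructs from [input] and
/// returns the trimmed result.
///
/// Removed, case-insensitively:
///  * the `javascript:` URL scheme (whitespace is tolerated before the colon);
///  * inline event-handler attributes whose value is double- or single-quoted
///    (`on...="..."` / `on...='...'`); unquoted values are not matched;
///  * `script`, `iframe`, `object`, `embed`, `form`, `input`, `link` and
///    `meta` elements together with their content when a closing tag is
///    present, plus any stray opening, self-closing or closing tag of those
///    names.
///
/// This is a denylist filter, not an encoder: it does not escape `<`, `>`,
/// `&` or quotes, so the result must still be HTML-escaped (or run through an
/// allowlist sanitizer) before it is inserted into markup.
static String sanitizeHtml(String input) {
  const dangerousTags = 'script|iframe|object|embed|form|input|link|meta';
  // Patterns are applied in this order; each one is replaced by the empty
  // string in a single pass.
  final patterns = <RegExp>[
    // URL scheme, with whitespace tolerated before the colon.
    RegExp(r'javascript\s*:', caseSensitive: false),
    // Double-quoted inline event handler.
    RegExp(r'on\w+\s*=\s*"[^"]*"', caseSensitive: false),
    // Single-quoted inline event handler. A single backslash is required:
    // `\\w` inside a raw string matches a literal backslash followed by `w`,
    // which made the previous version of this pattern never fire.
    RegExp(r"on\w+\s*=\s*'[^']*'", caseSensitive: false),
    // Whole element including its content (dotAll lets `.` span newlines).
    RegExp(
      '<($dangerousTags)[^>]*>.*?</($dangerousTags)>',
      caseSensitive: false,
      multiLine: true,
      dotAll: true,
    ),
    // Stray opening or self-closing tag.
    RegExp('<($dangerousTags)[^>]*/?>', caseSensitive: false),
    // Stray closing tag.
    RegExp('</($dangerousTags)>', caseSensitive: false),
  ];
  var cleaned = input;
  for (final pattern in patterns) {
    cleaned = cleaned.replaceAll(pattern, '');
  }
  return cleaned.trim();
}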