new AST(source)
The AST class represents an abstract syntax tree of HTML or SVG content. It can take HTML as an argument, parse it, optionally transform it to SVG, then sanitize it before inserting it into the DOM.
Parameters:
Name | Type | Description |
---|---|---|
source | string \| Array.<Highcharts.ASTNode> | Either an HTML string or an ASTNode list to populate the tree |
Members
-
<static> allowedReferences
-
The list of allowed references for referring attributes like href and src. Attribute values will only be allowed if they start with one of these strings.
Example
// Allow tel:
Highcharts.AST.allowedReferences.push('tel:');
-
<static> allowedTags
-
The list of allowed SVG or HTML tags, used for sanitizing potentially harmful content from the chart configuration before adding to the DOM.
Example
// Allow a custom, trusted tag
Highcharts.AST.allowedTags.push('blink'); // ;)
-
<static> allowedAttributes
-
The list of allowed SVG or HTML attributes, used for sanitizing potentially harmful content from the chart configuration before adding to the DOM.
Example
// Allow a custom, trusted attribute
Highcharts.AST.allowedAttributes.push('data-value');
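How the three allow lists above combine, as an added stand-alone sketch that is not Highcharts source code: `filterAttributes`, `sanitizeNodes` and `referringAttributes` are hypothetical names, the list contents are constructed samples rather than the library's defaults, and the node shape `{ tagName, attributes, children, textContent }` is an assumption.

```javascript
// Added sketch, not Highcharts source. List contents are constructed samples.
const allowedTags = ['a', 'b', 'div', 'img', 'span'];
const allowedAttributes = ['class', 'href', 'src', 'title'];
const allowedReferences = ['https://', 'http://', 'mailto:', '/', '#'];
const referringAttributes = ['href', 'src'];

// Keep an attribute only when its name is allow-listed and, for referring
// attributes, its value starts with one of the allowed reference prefixes.
function filterAttributes(attributes) {
    const kept = {};
    for (const [name, value] of Object.entries(attributes || {})) {
        if (!allowedAttributes.includes(name)) {
            continue; // e.g. onclick, onerror
        }
        const isReference = referringAttributes.includes(name);
        if (isReference && !allowedReferences.some((p) => String(value).startsWith(p))) {
            continue; // e.g. javascript: or data: URLs, also with leading whitespace
        }
        kept[name] = value;
    }
    return kept;
}

// Walk a node list (assumed shape: tagName, attributes, children, textContent).
// A node whose tag is not allow-listed is dropped together with its subtree.
function sanitizeNodes(nodes) {
    return (nodes || [])
        .filter((node) => allowedTags.includes(node.tagName))
        .map((node) => ({
            ...node,
            attributes: filterAttributes(node.attributes),
            children: sanitizeNodes(node.children)
        }));
}

// Constructed untrusted input, as it could arrive in a chart configuration.
const untrusted = [
    { tagName: 'a', textContent: 'docs',
        attributes: { href: 'javascript:alert(1)', onclick: 'x()', title: 'docs' } },
    { tagName: 'script', textContent: 'alert(1)' },
    { tagName: 'div', children: [
        { tagName: 'img', attributes: { src: 'https://example.com/a.png', onerror: 'x()' } },
        { tagName: 'a', textContent: 'call', attributes: { href: 'tel:+4712345678' } }
    ] }
];

console.log(JSON.stringify(sanitizeNodes(untrusted), null, 2));
```

With these sample lists the `tel:` link loses its `href`; pushing `'tel:'` onto the reference list, as in the allowedReferences example, lets it through.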
Methods
-
addToDOM(parent)
-
Add the tree defined as a hierarchical JS structure to the DOM
Parameters:
Name | Type | Description |
---|---|---|
parent | Highcharts.HTMLDOMElement \| Highcharts.SVGDOMElement | The node where it should be added |
Returns:
-
filterUserAttributes(attributes)
-
Filter an object of SVG or HTML attributes against the allow list.
Parameters:
Name | Type | Description |
---|---|---|
attributes | Highcharts.SVGAttributes | The attributes to filter |
Returns:
Highcharts.SVGAttributes. The filtered attributes
-
setElementHTML(el, html)
-
Utility function to set html content for an element by passing in a markup string. The markup is safely parsed by the AST class to avoid XSS vulnerabilities. This function should be used instead of setting innerHTML in all cases where the content is not fully trusted.
Parameters:
Name | Type | Description |
---|---|---|
el | SVGDOMElement \| HTMLDOMElement | The node to set content of |
html | string | The markup string |