Class: AST

Highcharts. AST

new AST(source)

The AST class represents an abstract syntax tree of HTML or SVG content. It can take HTML as an argument, parse it, optionally transform it to SVG, then perform sanitation before inserting it into the DOM.

Parameters:
Name Type Description
source string | Array.<Highcharts.ASTNode>

Either an HTML string or an ASTNode list to populate the tree

Members

<static> allowedReferences

The list of allowed references for referring attributes like href and src. Attribute values will only be allowed if they start with one of these strings.

Example
// Allow tel:
Highcharts.AST.allowedReferences.push('tel:');

<static> allowedTags

The list of allowed SVG or HTML tags, used for sanitizing potentially harmful content from the chart configuration before adding to the DOM.

Example
// Allow a custom, trusted tag
Highcharts.AST.allowedTags.push('blink'); // ;)

<static> allowedTags

The list of allowed SVG or HTML attributes, used for sanitizing potentially harmful content from the chart configuration before adding to the DOM.

Example
// Allow a custom, trusted attribute
Highcharts.AST.allowedAttributes.push('data-value');

Methods

addToDOM(parent)

Add the tree defined as a hierarchical JS structure to the DOM

Parameters:
Name Type Description
parent Highcharts.HTMLDOMElement | Highcharts.SVGDOMElement

The node where it should be added

Returns:

filterUserAttributes(attributes)

Filter an object of SVG or HTML attributes against the allow list.

Parameters:
Name Type Description
attributes Highcharts.SVGAttributes

The attributes to filter

Returns:
Highcharts.SVGAttributes .

The filtered attributes

setElementHTML(el, html)

Utility function to set html content for an element by passing in a markup string. The markup is safely parsed by the AST class to avoid XSS vulnerabilities. This function should be used instead of setting innerHTML in all cases where the content is not fully trusted.

Parameters:
Name Type Description
el SVGDOMElement | HTMLDOMElement

The node to set content of

html string

The markup string