Class: AST

Members

<static> allowedAttributes

The list of allowed SVG or HTML attributes, used for sanitizing potentially harmful content from the chart configuration before adding to the DOM.

Example

// Allow a custom, trusted attribute
Highcharts.AST.allowedAttributes.push('data-value');

<static> allowedReferences

The list of allowed references for referring attributes like href and src. Attribute values will only be allowed if they start with one of these strings.

Example

// Allow tel:
Highcharts.AST.allowedReferences.push('tel:');

<static> allowedTags

The list of allowed SVG or HTML tags, used for sanitizing potentially harmful content from the chart configuration before adding to the DOM.

Example

// Allow a custom, trusted tag
Highcharts.AST.allowedTags.push('blink'); // ;)

Methods

addToDOM(parent)

Add the tree defined as a hierarchical JS structure to the DOM

Parameters:

Name	Type	Description
parent	Highcharts.HTMLDOMElement | Highcharts.SVGDOMElement	The node where it should be added

Returns:

Highcharts.HTMLDOMElement | Highcharts.SVGDOMElement .

The inserted node.

filterUserAttributes(attributes)

Filter an object of SVG or HTML attributes against the allow list.

Parameters:

Name	Type	Description
attributes	Highcharts.SVGAttributes	The attributes to filter

Returns:

Highcharts.SVGAttributes .

The filtered attributes

setElementHTML(el, html)

Utility function to set html content for an element by passing in a markup string. The markup is safely parsed by the AST class to avoid XSS vulnerabilities. This function should be used instead of setting innerHTML in all cases where the content is not fully trusted.

Parameters:

Name	Type	Description
el	SVGDOMElement | HTMLDOMElement	The node to set content of
html	string	The markup string