Skip to main content

HtmlRenderPolicy

dioxus_nox_markdown::types

Enum HtmlRenderPolicy 

Source 
pub enum HtmlRenderPolicy {
    Escape,
    Sanitized,
    Trusted,
}
Expand description

Controls how raw HTML blocks and inline HTML in markdown are rendered.

By default, raw HTML is escaped (displayed as visible text) to prevent cross-site scripting (XSS) attacks. Choose a policy based on how much you trust the markdown source:

PolicyUse whenXSS safe?
EscapeUntrusted / user-generated markdown (default)Yes
SanitizedUser-generated markdown where you want HTML formatting but not scripts (requires sanitize feature)Yes
TrustedYou control the markdown source entirelyNo

§Security

Trusted mode renders arbitrary HTML without any sanitization. If the markdown contains <script>, <iframe>, onload=, or any other active content, it will be injected into the DOM. Never use Trusted with user-generated or untrusted markdown — this is a direct XSS vector.

For user-generated content that needs HTML rendering, enable the sanitize feature and use HtmlRenderPolicy::Sanitized, which strips dangerous elements and attributes via the ammonia crate.

Variants§

§

Escape

Escape HTML — render as visible text. Safe for all inputs.

§

Sanitized

Sanitize HTML with ammonia before rendering.

Strips dangerous elements (<script>, <iframe>, <object>, etc.) and event-handler attributes (onload, onclick, etc.) while preserving safe formatting tags (<b>, <i>, <a>, <code>, etc.).

Requires the sanitize Cargo feature. Falls back to Escape if the feature is not enabled.

§

Trusted

Render raw HTML via dangerous_inner_html without any sanitization.

§Security Warning

This is a direct XSS vector. Only use this when you fully control the markdown source (e.g., static content compiled into your binary). Never use with user-generated input.

Trait Implementations§

Source§

impl Clone for HtmlRenderPolicy

Source§

fn clone(&self) -> HtmlRenderPolicy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for HtmlRenderPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for HtmlRenderPolicy

Source§

fn default() -> HtmlRenderPolicy

Returns the “default value” for a type. Read more
Source§

impl Hash for HtmlRenderPolicy

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for HtmlRenderPolicy

Source§

fn eq(&self, other: &HtmlRenderPolicy) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Copy for HtmlRenderPolicy

Source§

impl Eq for HtmlRenderPolicy

Source§

impl StructuralPartialEq for HtmlRenderPolicy

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> InitializeFromFunction<T> for T

Source§

fn initialize_from_function(f: fn() -> T) -> T

Create an instance of this type from an initialization function
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<Ret> SpawnIfAsync<(), Ret> for Ret

Source§

fn spawn(self) -> Ret

Spawn the value into the dioxus runtime if it is an async block
Source§

impl<T, O> SuperFrom<T> for O
where O: From<T>,

Source§

fn super_from(input: T) -> O

Convert from a type to another type.
Source§

impl<T, O, M> SuperInto<O, M> for T
where O: SuperFrom<T, M>,

Source§

fn super_into(self) -> O

Convert from a type to another type.
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<S, T> Upcast<T> for S
where T: UpcastFrom<S> + ?Sized, S: ?Sized,

Source§

fn upcast(&self) -> &T
where Self: ErasableGeneric, T: ErasableGeneric<Repr = Self::Repr>,

Perform a zero-cost type-safe upcast to a wider ref type within the Wasm bindgen generics type system. Read more
Source§

fn upcast_into(self) -> T
where Self: Sized + ErasableGeneric, T: ErasableGeneric<Repr = Self::Repr>,

Perform a zero-cost type-safe upcast to a wider type within the Wasm bindgen generics type system. Read more
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DependencyElement for T
where T: 'static + PartialEq + Clone,