Trusted types
Limited availability
Trusted types allow you to lock down insecure parts of the DOM API and prevent client-side cross-site scripting (XSS) attacks.
Compatibility (view on caniuse.com)
- Chrome 83 Released on 2020-05-19
- Chrome Android 83 Released on 2020-05-19
- Edge 83 Released on 2020-05-21
- Firefox ❌ Search for bugs Search for standards position
- Firefox for Android ❌ Search for bugs Search for standards position
- Safari ❌ Search for bugs Search for standards position
- Safari on iOS ❌ Search for bugs Search for standards position
MDN docs
- TrustedHTML
- TrustedHTML.toString
- TrustedScript
- TrustedScript.toString
- TrustedScriptURL
- TrustedScriptURL.toString
- TrustedTypePolicy
- TrustedTypePolicy.createHTML
- TrustedTypePolicy.createScript
- TrustedTypePolicy.createScriptURL
- TrustedTypePolicy.name
- TrustedTypePolicyFactory
- TrustedTypePolicyFactory.createPolicy
- TrustedTypePolicyFactory.defaultPolicy
- TrustedTypePolicyFactory.emptyHTML
- TrustedTypePolicyFactory.emptyScript
- TrustedTypePolicyFactory.getAttributeType
- TrustedTypePolicyFactory.getPropertyType
- TrustedTypePolicyFactory.isHTML
- TrustedTypePolicyFactory.isScript
- TrustedTypePolicyFactory.isScriptURL
- Window.trustedTypes
- TrustedHTML.toJSON
- TrustedScript.toJSON
- TrustedScriptURL.toJSON
Specifications
BCD data
- api.TrustedHTML
- api.TrustedHTML.toString
- api.TrustedScript
- api.TrustedScript.toString
- api.TrustedScriptURL
- api.TrustedScriptURL.toString
- api.TrustedTypePolicy
- api.TrustedTypePolicy.createHTML
- api.TrustedTypePolicy.createScript
- api.TrustedTypePolicy.createScriptURL
- api.TrustedTypePolicy.name
- api.TrustedTypePolicyFactory
- api.TrustedTypePolicyFactory.createPolicy
- api.TrustedTypePolicyFactory.defaultPolicy
- api.TrustedTypePolicyFactory.emptyHTML
- api.TrustedTypePolicyFactory.emptyScript
- api.TrustedTypePolicyFactory.getAttributeType
- api.TrustedTypePolicyFactory.getPropertyType
- api.TrustedTypePolicyFactory.isHTML
- api.TrustedTypePolicyFactory.isScript
- api.TrustedTypePolicyFactory.isScriptURL
- api.trustedTypes
- http.headers.Content-Security-Policy.require-trusted-types-for
- http.headers.Content-Security-Policy.trusted-types
- api.TrustedHTML.toJSON
- api.TrustedScript.toJSON
- api.TrustedScriptURL.toJSON