Limited availability
Note: This feature is available in Web Workers.
The TrustedTypePolicy interface of the Trusted Types API defines a group of functions which create TrustedType objects.
A TrustedTypePolicy object is created by TrustedTypePolicyFactory.createPolicy() to define a policy for enforcing security rules on input. Therefore, TrustedTypePolicy has no constructor.
TrustedTypePolicy.name Read only
A string containing the name of the policy.
In the below example we create a policy that will create TrustedHTML objects using TrustedTypePolicyFactory.createPolicy(). We can then use TrustedTypePolicy.createHTML to create a sanitized HTML string to be inserted into the document.
The sanitized value can then be used with Element.innerHTML to ensure that no new HTML elements can be injected.
const escapeHTMLPolicy = trustedTypes.createPolicy("myEscapePolicy", {
createHTML: (string) => string.replace(/</g, "<"),
});
let el = document.getElementById("myDiv");
const escaped = escapeHTMLPolicy.createHTML("<img src=x onerror=alert(1)>");
console.log(escaped instanceof TrustedHTML); // true
el.innerHTML = escaped;
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4