W3cubDocs

/Web APIs

TrustedScript

The TrustedScript interface of the Trusted Types API represents a string with an uncompiled script body that a developer can insert into an injection sink that might execute the script. These objects are created via TrustedTypePolicy.createScript() and therefore have no constructor.

The value of a TrustedScript object is set when the object is created and cannot be changed by JavaScript as there is no setter exposed.

Instance methods

TrustedScript.toJSON()

Returns a JSON representation of the stored data.

TrustedScript.toString()

A string containing the sanitized script.

Examples

The constant sanitized is an object created via a Trusted Types policy.

js

const sanitized = scriptPolicy.createScript("eval('2 + 2')");
console.log(sanitized); /* a TrustedScript object */

Specifications

Browser compatibility

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari WebView Android Chrome Android Firefox for Android Opera Android Safari on IOS Samsung Internet
TrustedScript 83 83 No No 69 No 83 83 No 59 No 13.0
toJSON 90 90 No No 76 No 90 90 No 64 No 15.0
toString 83 83 No No 69 No 83 83 No 59 No 13.0

See also

© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/TrustedScript