The TrustedTypePolicyFactory interface of the Trusted Types API creates policies and allows the verification of Trusted Type objects against created policies.
TrustedTypePolicyFactory.emptyHTML Read only
Returns a TrustedHTML object containing an empty string.

TrustedTypePolicyFactory.emptyScript Read only
Returns a TrustedScript object containing an empty string.

TrustedTypePolicyFactory.defaultPolicy Read only
Returns the default TrustedTypePolicy, or null if there is no default policy.

TrustedTypePolicyFactory.createPolicy()
Creates a TrustedTypePolicy object that implements the rules passed as policyOptions.

TrustedTypePolicyFactory.isHTML()
When passed a value, checks that it is a valid TrustedHTML object.

TrustedTypePolicyFactory.isScript()
When passed a value, checks that it is a valid TrustedScript object.

TrustedTypePolicyFactory.isScriptURL()
When passed a value, checks that it is a valid TrustedScriptURL object.

TrustedTypePolicyFactory.getAttributeType()
Allows web developers to check whether a Trusted Type is required for an element and attribute, and if so which one.

TrustedTypePolicyFactory.getPropertyType()
Allows web developers to check whether a Trusted Type is required for a property, and if so which one.
The code below creates a policy with the name "myEscapePolicy" with a function defined for createHTML() which sanitizes HTML. We then use the policy to sanitize a string, creating a TrustedHTML object, escaped. This object can be tested with isHTML() to ensure that it was created by one of our policies.
```js
const escapeHTMLPolicy = trustedTypes.createPolicy("myEscapePolicy", {
  // Escape "<" so the input cannot open a tag when parsed as HTML
  createHTML: (string) => string.replace(/</g, "&lt;"),
});

const escaped = escapeHTMLPolicy.createHTML("<img src=x onerror=alert(1)>");

console.log(trustedTypes.isHTML(escaped)); // true
```
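The following is an added example, not code from the original page: it combines getPropertyType() with the isHTML(), isScript() and isScriptURL() checks so that a value is converted by a policy only when the target property requires a Trusted Type and the value is not already one. The helper names `valueForSink` and `escapeHTML` and the policy name "exampleEscapePolicy" are assumptions for illustration.

```javascript
// Added example. Names valueForSink, escapeHTML and "exampleEscapePolicy"
// are assumptions for illustration, not part of the Trusted Types API.

// Escaping rule: encode markup characters so the string renders as text.
const escapeHTML = (s) =>
  String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Type name returned by getPropertyType() -> [factory check, policy method].
const TYPE_MAP = {
  TrustedHTML: ["isHTML", "createHTML"],
  TrustedScript: ["isScript", "createScript"],
  TrustedScriptURL: ["isScriptURL", "createScriptURL"],
};

// Returns a value that can be assigned to `property` of a <tagName> element.
// `factory` is a TrustedTypePolicyFactory, `policy` a TrustedTypePolicy.
function valueForSink(factory, policy, tagName, property, value) {
  const required = factory.getPropertyType(tagName, property);
  if (!required) return value; // no Trusted Type required for this property
  const [check, create] = TYPE_MAP[required];
  if (factory[check](value)) return value; // already the required type
  // Throws TypeError if the policy has no rule for the required type,
  // so an unexpected sink fails closed instead of receiving a raw string.
  return policy[create](value);
}

// Browser usage, skipped where Trusted Types is not supported.
if (globalThis.trustedTypes && globalThis.document) {
  const policy = globalThis.trustedTypes.createPolicy("exampleEscapePolicy", {
    createHTML: escapeHTML,
  });
  const div = document.createElement("div");
  div.innerHTML = valueForSink(
    globalThis.trustedTypes, policy, "div", "innerHTML",
    "<img src=x onerror=alert(1)>",
  );
  console.log(div.textContent); // the markup is shown as text, not parsed
}
```

If the page's Content Security Policy sets a `trusted-types` allowlist, the policy name used here must appear in it or createPolicy() will throw.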
Specification |
---|
Trusted Types # trusted-type-policy-factory |
Columns Chrome through Safari are desktop browsers; WebView Android through Samsung Internet are mobile browsers.

Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on iOS | Samsung Internet |
---|---|---|---|---|---|---|---|---|---|---|---|---|
TrustedTypePolicyFactory | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
createPolicy | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
defaultPolicy | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
emptyHTML | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
emptyScript | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
getAttributeType | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
getPropertyType | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
isHTML | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
isScript | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
isScriptURL | 83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/TrustedTypePolicyFactory