The emptyScript
read-only property of the TrustedTypePolicyFactory
interface returns a TrustedScript
object containing an empty string.
This object can be used when the application requires an empty string to be inserted into an injection sink which is expecting a TrustedScript
object.
The specification explains that the emptyScript
object can be used to detect support for dynamic code compilation.
Native Trusted Types implementations can support eval(TrustedScript)
, therefore in the below example a native implementation will return false for eval(trustedTypes.emptyScript)
. A polyfill will return a truthy object.
const supportsTS = !eval(trustedTypes.emptyScript);
eval(supportsTS ? myTrustedScriptObj : myTrustedScriptObj.toString());