The emptyScript read-only property of the TrustedTypePolicyFactory interface returns a TrustedScript object containing an empty string.
This object can be used when the application requires an empty string to be inserted into an injection sink which is expecting a TrustedScript object.
A TrustedScript object.
The specification explains that the emptyScript object can be used to detect support for dynamic code compilation.
Native Trusted Types implementations can support eval(TrustedScript), therefore in the below example a native implementation will return false for eval(trustedTypes.emptyScript). A polyfill will return a truthy object.
js
const supportsTS = !eval(trustedTypes.emptyScript); eval(supportsTS ? myTrustedScriptObj : myTrustedScriptObj.toString());
| Specification |
|---|
| Trusted Types # dom-trustedtypepolicyfactory-emptyscript |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
emptyScript |
83 | 83 | No | No | 69 | No | 83 | 83 | No | 59 | No | 13.0 |
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/TrustedTypePolicyFactory/emptyScript