W3cubDocs

/Web APIs

TrustedTypePolicyFactory: emptyScript property

The emptyScript read-only property of the TrustedTypePolicyFactory interface returns a TrustedScript object containing an empty string.

This object can be used when the application requires an empty string to be inserted into an injection sink which is expecting a TrustedScript object.

Value

A TrustedScript object.

Examples

The specification explains that the emptyScript object can be used to detect support for dynamic code compilation.

Native Trusted Types implementations can support eval(TrustedScript), therefore in the below example a native implementation will return false for eval(trustedTypes.emptyScript). A polyfill will return a truthy object.

js

const supportsTS = !eval(trustedTypes.emptyScript);
eval(supportsTS ? myTrustedScriptObj : myTrustedScriptObj.toString());

Specifications

Browser compatibility

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari WebView Android Chrome Android Firefox for Android Opera Android Safari on IOS Samsung Internet
emptyScript 83 83 No No 69 No 83 83 No 59 No 13.0

© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/TrustedTypePolicyFactory/emptyScript