Trusted Types for DOM manipulation
An API that forces developers to be very explicit about their use of powerful DOM-injection APIs. Can greatly improve security against XSS attacks.
document api: execcommand: `inserthtml` command: requires `trustedhtml` instance when trusted types are enforced
document api: `parsehtmlunsafe()` static method: requires `trustedhtml` instance when trusted types are enforced
document api: writeln: requires `trustedhtml` instance when trusted types are enforced
document api: write: requires `trustedhtml` instance when trusted types are enforced
domparser api: parsefromstring: requires `trustedhtml` instance when trusted types are enforced
element api: innerhtml: requires `trustedhtml` instance when trusted types are enforced
element api: insertadjacenthtml: requires `trustedhtml` instance when trusted types are enforced
element api: outerhtml: requires `trustedhtml` instance when trusted types are enforced
element api: setattributens: requires `value` parameter to be `trustedhtml`, `trustedscript`, or `trustedscripturl` instance when trusted types enforced (matching attribute type)
element api: setattribute: requires `value` parameter to be `trustedhtml` instance (for `iframe.srcdoc`), or `trustedscripturl` (for html `script.src`, and svg `script.href`) when trusted types are enforced
element api: sethtmlunsafe: requires `trustedhtml` instance when trusted types are enforced
htmliframeelement api: srcdoc: requires `trustedhtml` instance when trusted types are enforced
htmlscriptelement api: innertext: requires `trustedscript` instance when trusted types are enforced
htmlscriptelement api: src: requires `trustedscripturl` instance when trusted types are enforced
htmlscriptelement api: textcontent: requires `trustedscript` instance in `htmlscriptelement` when trusted types are enforced.
htmlscriptelement api: text: requires `trustedscript` instance when trusted types are enforced.
range api: createcontextualfragment: requires `trustedhtml` instance when trusted types are enforced
serviceworkercontainer api: register: `scripturl` parameter requires `trustedscripturl` instance when trusted types are enforced
setinterval api: `code` parameter requires `trustedscript` instance when trusted types are enforced.
settimeout api: `code` parameter requires `trustedscript` instance when trusted types are enforced.
shadowroot api: innerhtml: requires `trustedhtml` instance when trusted types are enforced
shadowroot api: sethtmlunsafe: requires `trustedhtml` instance when trusted types are enforced
sharedworker api: `sharedworker()` constructor: `url` parameter requires `trustedscripturl` instance when trusted types are enforced
svganimatedstring api: baseval: requires `trustedscripturl` instance when trusted types are enforced
trustedtypes api
workerglobalscope api: importscripts: `urls` parameter requires `trustedscripturl` instances when trusted types are enforced
worker api: `worker()` constructor: requires `url` parameter to be `trustedscripturl` instance when trusted types are enforced
headers http header: content-security-policy: require-trusted-types-for
headers http header: content-security-policy: script-src: `trusted-types-eval` source expression
headers http header: content-security-policy: trusted-types
javascript built-in: function: `function()` constructor: requires arguments to be `trustedscript` instance when trusted types are enforced
32 results found.