TheTrustedScript interface of theTrusted Types API represents a string with an uncompiled script body that a developer can insert into aninjection sink that might execute the script. These objects are created viaTrustedTypePolicy.createScript() and therefore have no constructor.

The value of aTrustedScript object is set when the object is created and cannot be changed by JavaScript as there is no setter exposed.

Instance methods

TrustedScript.toJSON()

Returns a JSON representation of the stored data.

TrustedScript.toString()

A string containing the sanitized script.

Examples

The constantsanitized is an object created via a Trusted Types policy.

const sanitized = scriptPolicy.createScript("eval('2 + 2')");console.log(sanitized); /* a TrustedScript object */

Specifications

Browser compatibility

See also

• Prevent DOM-based cross-site scripting vulnerabilities with Trusted Types