TrustedScript

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Note: This feature is available in Web Workers.

The TrustedScript interface of the Trusted Types API represents a string with an uncompiled script body that a developer can insert into an injection sink that might execute the script. These objects are created via TrustedTypePolicy.createScript() and therefore have no constructor.

The value of a TrustedScript object is set when the object is created and cannot be changed by JavaScript as there is no setter exposed.

Instance methods

TrustedScript.toJSON()

Returns a JSON representation of the stored data.

TrustedScript.toString()

A string containing the sanitized script.

Examples

The constant sanitized is an object created via a Trusted Types policy.

js
const sanitized = scriptPolicy.createScript("eval('2 + 2')");
console.log(sanitized); /* a TrustedScript object */

Specifications

Specification
Trusted Types
# trusted-script

Browser compatibility

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
TrustedScript
toJSON
toString

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support
No support
No support
See implementation notes.

See also