TrustedScriptURL

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Note: This feature is available in Web Workers.

The TrustedScriptURL interface of the Trusted Types API represents a string that a developer can insert into an injection sink that will parse it as a URL of an external script. These objects are created via TrustedTypePolicy.createScriptURL() and therefore have no constructor.

The value of a TrustedScriptURL object is set when the object is created and cannot be changed by JavaScript as there is no setter exposed.

Instance methods

TrustedScriptURL.toJSON()

Returns a JSON representation of the stored data.

TrustedScriptURL.toString()

A string containing the sanitized URL.

Examples

The constant sanitized is an object created via a Trusted Types policy.

js
const sanitized = scriptPolicy.createScriptURL(
  "https://example.com/my-script.js",
);
console.log(sanitized); /* a TrustedScriptURL object */

Specifications

Specification
Trusted Types
# trused-script-url

Browser compatibility

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
TrustedScriptURL
toJSON
toString

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support
No support
No support
See implementation notes.

See also