TrustedTypePolicy.createHTML()

The createHTML() method of the TrustedTypePolicy interface creates a TrustedHTML object using a policy created by TrustedTypePolicyFactory.createPolicy().

Syntax

var str = TrustedTypePolicy.createHTML(input[,args]);

Parameters

input
A DOMString containing the string to be sanitized by the policy.
args (Optional)
Additional arguments to be passed to the policy's createHTML() function.

Return value

A TrustedHTML object.

Exceptions

TypeError
Thrown if the TrustedTypePolicy does not contain a function to run on the input.

Examples

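In the example below, a string containing a potentially dangerous script is used as the input for createHTML(). Here escapeHTMLPolicy is a policy created earlier with TrustedTypePolicyFactory.createPolicy(). Dangerous code inserted by a user can then be sanitized by the policy before it is inserted into any injection sink.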

const escaped = escapeHTMLPolicy.createHTML("<img src=x onerror=alert(1)>");
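
The following is an added example, not part of the original page: it defines an escaping policy, forwards the optional args parameter to it, and shows the TypeError raised when a policy has no createHTML function. Assumptions: the policy names, the escapeHTML, renderComment and createHTMLWithoutRule helpers, the lineBreaks option, and the plain-object fallback used where trustedTypes is unavailable are all hypothetical.

```javascript
// Fallback for runtimes without Trusted Types (older browsers, Node):
// the policy's rule functions are called directly and return plain strings.
const tt = globalThis.trustedTypes ?? { createPolicy: (_name, rules) => rules };

// Escape the characters that let text break out into markup or attributes.
function escapeHTML(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hypothetical policy name. createHTML() forwards any extra arguments
// (the args parameter) to this function after the input string.
const escapeHTMLPolicy = tt.createPolicy("example-escape", {
  createHTML: (input, options = {}) => {
    const escaped = escapeHTML(input);
    // Markup is only introduced by the policy itself, after escaping.
    return options.lineBreaks ? escaped.replace(/\r?\n/g, "<br>") : escaped;
  },
});

// A policy created without a createHTML function (hypothetical name).
const emptyPolicy = tt.createPolicy("example-empty", {});

// Returns the policy output as a string so it can be logged or compared.
// With Trusted Types support the policy returns a TrustedHTML object.
function renderComment(text, options) {
  return String(escapeHTMLPolicy.createHTML(text, options));
}

// Returns the name of the error raised when the policy lacks createHTML.
function createHTMLWithoutRule() {
  try {
    emptyPolicy.createHTML("<b>hi</b>");
    return "no error";
  } catch (err) {
    return err.name;
  }
}

// Constructed sample input.
const sample = "<img src=x onerror=alert(1)>\nsecond line";
console.log(renderComment(sample, { lineBreaks: true }));
console.log(createHTMLWithoutRule());
```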

Specifications

Specification: Trusted Types, # dom-trustedtypepolicy-createhtml
