Trusted Types Policy Stub

Scaffold a Trusted Types policy and the CSP directive that enforces it.

// Trusted Types policy: 'default'
// Register early — before any code that creates trusted strings.
if (window.trustedTypes && trustedTypes.createPolicy) {
  trustedTypes.createPolicy('default', {
    createHTML: (s) => {
      // TODO: sanitise s here before returning.
      return s;
    },
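    // TODO: pass-through; reject or validate s before returning.
    createScript:    (s) => s,
    // TODO: pass-through; check s against an allowlist of script origins.
    createScriptURL: (s) => s,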
  });
}

// Set the CSP header to require trusted types:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types default;

About this tool

Generates a window.trustedTypes.createPolicy stub with createHTML / createScript / createScriptURL plus the require-trusted-types-for CSP directive.
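One way to fill in the stub's three callbacks so the default policy stops being a pass-through. This is an added example, not output of the tool; ALLOWED_SCRIPT_ORIGINS, its sample origin and the function names are assumptions.

```javascript
// Added example: hardened callbacks for a 'default' Trusted Types policy.
// ALLOWED_SCRIPT_ORIGINS and all function names here are illustrative assumptions.
const ALLOWED_SCRIPT_ORIGINS = new Set(['https://static.example.com']); // constructed

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// createHTML: escape markup so un-migrated string sinks render inert text.
function escapeHTML(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// createScript: refuse every string-to-code conversion (eval, script text).
function rejectScript() {
  throw new TypeError('Trusted Types: dynamic script text is not allowed');
}

// createScriptURL: accept only https URLs whose origin is allowlisted.
function allowScriptURL(s, base) {
  let url;
  try {
    url = new URL(s, base);
  } catch {
    throw new TypeError('Trusted Types: unparsable script URL');
  }
  if (url.protocol !== 'https:' || !ALLOWED_SCRIPT_ORIGINS.has(url.origin)) {
    throw new TypeError('Trusted Types: script URL not allowed: ' + url.href);
  }
  return url.href; // normalised absolute URL
}

// Register only where the API exists (skipped outside a supporting browser).
if (globalThis.trustedTypes && globalThis.trustedTypes.createPolicy) {
  globalThis.trustedTypes.createPolicy('default', {
    createHTML: escapeHTML,
    createScript: rejectScript,
    createScriptURL: (s) => allowScriptURL(s, document.baseURI),
  });
}
```

Code that has to insert real markup should go through a separately named policy that applies a sanitiser; that policy name must then be added to the trusted-types directive alongside default.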
