TrustedTypePolicy.createScript()
The createScript()
method of the TrustedTypePolicy
interface creates a TrustedScript
object using a policy created by TrustedTypePolicyFactory.createPolicy()
.
Syntax
var str = TrustedTypePolicy.createScript(input[,args]);
Parameters
input
-
A
DOMString
containing the string to be sanitized by the policy. args
Optional-
Additional arguments to be passed to the function represented by
TrustedTypePolicy
.
Return value
A TrustedScript
object.
Exceptions
TypeError
-
Thrown if
TrustedTypePolicy
does not contain a function to run on the input.
Examples
In the below example a string containing a potentially risky script is used as the input for createScript()
. The policy can sanitize this script before inserting it into an injection sink that could cause it to be executed.
const sanitized = scriptPolicy.createScript("eval('2 + 2')");
Specifications
Specification |
---|
Trusted Types # dom-trustedtypepolicy-createscript |
Browser compatibility
BCD tables only load in the browser