TrustedTypePolicy.createHTML()

The createHTML() method of the TrustedTypePolicy interface creates a TrustedHTML object using a policy created by TrustedTypePolicyFactory.createPolicy().

input

A DOMString containing the string to be sanitized by the policy.

argsOptional

Additional arguments to be passed to the function represented by TrustedTypePolicy.

A TrustedHTML object.

TypeError

Thrown if TrustedTypePolicy does not contain a function to run on the input.

In the below example a string containing a potentially dangerous script is used as the input for createHTML(). Dangerous code inserted by a user could then be sanitized before insertion into any injection sink.

const escaped = escapeHTMLPolicy.createHTML("<img src=x onerror=alert(1)>");