🏠 New in Low Baseline Support: Trusted types

February 24, 2026

caniuse · mdn · spec

Trusted types allow you to lock down insecure parts of the DOM API and prevent client-side cross-site scripting (XSS) attacks.

Source features

• api.Element.innerHTML.enforces_trusted_types [mdn]
• api.HTMLScriptElement.innerText.enforces_trusted_types [mdn]
• api.HTMLScriptElement.src.enforces_trusted_types [mdn]
• api.HTMLScriptElement.text.enforces_trusted_types [mdn]
• api.HTMLScriptElement.textContent.enforces_trusted_types [mdn]
• api.ShadowRoot.innerHTML.enforces_trusted_types [mdn]
• api.TrustedHTML [mdn]
• api.TrustedHTML.toString [mdn]
• api.TrustedScript [mdn]
• api.TrustedScript.toString [mdn]
• api.TrustedScriptURL [mdn]
• api.TrustedScriptURL.toString [mdn]
• api.TrustedTypePolicy [mdn]
• api.TrustedTypePolicy.createHTML [mdn]
• api.TrustedTypePolicy.createScript [mdn]
• api.TrustedTypePolicy.createScriptURL [mdn]
• api.TrustedTypePolicy.name [mdn]
• api.TrustedTypePolicyFactory [mdn]
• api.TrustedTypePolicyFactory.createPolicy [mdn]
• api.TrustedTypePolicyFactory.defaultPolicy [mdn]
• api.TrustedTypePolicyFactory.emptyHTML [mdn]
• api.TrustedTypePolicyFactory.emptyScript [mdn]
• api.TrustedTypePolicyFactory.getAttributeType [mdn]
• api.TrustedTypePolicyFactory.getPropertyType [mdn]
• api.TrustedTypePolicyFactory.isHTML [mdn]
• api.TrustedTypePolicyFactory.isScript [mdn]
• api.TrustedTypePolicyFactory.isScriptURL [mdn]
• api.setInterval.code_param_enforces_trusted_types [mdn]
• api.setTimeout.code_param_enforces_trusted_types [mdn]
• api.trustedTypes [mdn]
• http.headers.Content-Security-Policy.require-trusted-types-for [mdn]
• http.headers.Content-Security-Policy.trusted-types [mdn]
• api.TrustedHTML.toJSON [mdn]
• api.TrustedScript.toJSON [mdn]
• api.TrustedScriptURL.toJSON [mdn]