TrustedTypePolicyFactory: emptyScript property

The emptyScript read-only property of the TrustedTypePolicyFactory interface returns a TrustedScript object containing an empty string.

This object can be used when the application requires an empty string to be inserted into an injection sink which is expecting a TrustedScript object.

Value

A TrustedScript object.

Examples

The specification explains that the emptyScript object can be used to detect support for dynamic code compilation.

Native Trusted Types implementations can support eval(TrustedScript), therefore in the below example a native implementation will return false for eval(trustedTypes.emptyScript). A polyfill will return a truthy object.

js

const supportsTS = !eval(trustedTypes.emptyScript);
eval(supportsTS ? myTrustedScriptObj : myTrustedScriptObj.toString());

Specifications

Specification
Trusted Types
# dom-trustedtypepolicyfactory-emptyscript

Browser compatibility

BCD tables only load in the browser