TrustedTypePolicyFactory: emptyScript property
The emptyScript
read-only property of the TrustedTypePolicyFactory
interface returns a TrustedScript
object containing an empty string.
This object can be used when the application requires an empty string to be inserted into an injection sink which is expecting a TrustedScript
object.
Value
A TrustedScript
object.
Examples
The specification explains that the emptyScript
object can be used to detect support for dynamic code compilation.
Native Trusted Types implementations can support eval(TrustedScript)
, therefore in the below example a native implementation will return false for eval(trustedTypes.emptyScript)
. A polyfill will return a truthy object.
js
const supportsTS = !eval(trustedTypes.emptyScript);
eval(supportsTS ? myTrustedScriptObj : myTrustedScriptObj.toString());
Specifications
Specification |
---|
Trusted Types # dom-trustedtypepolicyfactory-emptyscript |
Browser compatibility
BCD tables only load in the browser