'Trusted Types' offers an (optional) mechanism for web sites to protect themselves against XSS (cross-site scripting) attacks.It limits the attack surface from potentially the entire code base to a handful of "policies" that a developer can implement and install, and whose usage the browser will then enforce. "Trusted types" then ensure that all risk-ful parts of the DOM can only be used by data that has gone through such a developer-supplied policy. Release is expected in Chrome 83.
Docs: https://w3c.github.io/webappsec-trusted-types/dist/spec/
Samples: https://web.dev/trusted-types/
Explainers: https://github.com/w3c/webappsec-trusted-types/blob/master/explainer.md