← Back to release summary

Trusted Types fromLiteral

Category

JavaScript

Type

No developer-visible change

Status

Proposed (Chrome Proposed)

Intent stage

Prepare to ship

Summary

Adds a function to each "Trusted Type" to create an instance from a JavaScript template literal (but not from a dynamically computed string). This makes it easy to mark literals in the JavaScript source text as "trusted". Example: const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`;

Motivation

When deploying Trusted Types, developers found it cumbersome to require a policy and to have to "wrap" every single literal they use in a given program. Building an API that makes it easy to accept literals embedded in the source code - but not dynamically created strings - would make TT easier to deploy. Example: const html = TrustedHTML.fromLiteral`<p>Literal Text</p>`;

Standards & signals

• Specification: https://w3c.github.io/trusted-types/dist/spec/#trusted-html
• Firefox: No signal — Firefox has not implemented Trusted Types.
• Safari: No signal — Safari has not implemented Trusted Types.
• Web developers: Positive
• Tracking bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1271149

View on chromestatus.com