'Trusted Types' offers an (optional) mechanism for web sites to protect themselves against XSS (cross-site scripting) attacks.It limits the attack surface from potentially the entire code base to a handful of "policies" that a developer can implement and install, and whose usage the browser will then enforce. "Trusted types" then ensure that all risk-ful parts of the DOM can only be used by data that has gone through such a developer-supplied policy. Release is expected in Chrome 83.




Specification link

Specification currently under development in a Working Group

Status in Chromium


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • Positive


Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-12-13