createPolicy method

TrustedTypePolicy createPolicy(
  1. String policyName, [
  2. TrustedTypePolicyOptions policyOptions
])

The createPolicy() method of the TrustedTypePolicyFactory interface creates a TrustedTypePolicy object that implements the rules passed as policyOptions.

The default policy

In Chrome a policy with a name of "default" creates a special policy that will be used if a string (rather than a Trusted Type object) is passed to an injection sink. This can be used in a transitional phase while moving from an application that inserted strings into injection sinks.

Note: The above behavior is not yet settled in the specification and may change in future.

Warning: A lax default policy could defeat the purpose of using Trusted Types, and therefore should be defined with strict rules to ensure it cannot be used to run dangerous code.

Implementation

external TrustedTypePolicy createPolicy(
  String policyName, [
  TrustedTypePolicyOptions policyOptions,
]);