TrustedTypePolicy: createScriptURL() method
Limited availability
This feature is not Baseline because it does not work in some of the most widely-used browsers.
Note: This feature is available in Web Workers.
The createScriptURL()
method of the TrustedTypePolicy
interface creates a TrustedScriptURL
object using a policy created by TrustedTypePolicyFactory.createPolicy()
.
Syntax
createScriptURL(input)
createScriptURL(input, args)
Parameters
input
-
A string containing the string to be sanitized by the policy.
args
Optional-
Additional arguments to be passed to the function represented by
TrustedTypePolicy
.
Return value
A TrustedScriptURL
object.
Exceptions
TypeError
-
Thrown if
TrustedTypePolicy
does not contain a function to run on the input.
Examples
In the below example a string containing the URL to an external resource is used as the input for createScriptURL()
. The policy can check that this is an allowed URL before inserting it into an injection sink that could cause this external script to be executed.
const escaped = escapeURLPolicy.createScriptURL(
"https://example.com/my-script.js",
);
Specifications
Specification |
---|
Trusted Types # dom-trustedtypepolicy-createscripturl |
Browser compatibility
BCD tables only load in the browser