• Mozilla plans to implement Trusted Types in Firefox to reduce web attacks relying on injected code.
• Trusted Types has been successful in preventing DOM-based XSS on popular websites.
• As more websites adopt Trusted Types, XSS attacks are expected to become less common.
DacoTaco@lemmy.world 1 year ago
I had no idea Trusted Types existed, and it took a while to realise the W3 docs were confusing as hell.
But Mozilla to the rescue: developer.mozilla.org/en-US/…/Trusted_Types_API
So it boils down to a JavaScript API to sanitize a string before using it in a plethora of JavaScript functions that interact with the DOM. Neat, but if the developer has to make the policy themselves I don't see the added bonus to this. XSS seems to be still possible if the policy is made incorrectly?
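
Added example, not part of the comment above or of Mozilla's code: a pass-through Trusted Types policy beside an escaping one, showing that the policy callback is the only place the protection lives. The policy names, `escapeHTML`, `render`, `containsMarkup` and the sample string are constructed for illustration, and the fallback object only exists so the block also runs outside a browser.

```javascript
// Enforcement is switched on by a CSP response header such as:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types app-escape
// With that header, DOM sinks like innerHTML reject plain strings, and only
// the policy names listed after "trusted-types" may be created.

// Outside a browser (or where the API is missing) fall back to an object that
// returns the policy rules unchanged, so the callbacks can still be exercised.
const tt = globalThis.trustedTypes ?? { createPolicy: (_name, rules) => rules };

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Hypothetical helper: escape every character that can open markup or an attribute.
function escapeHTML(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Weak policy: satisfies the type check but returns the input untouched.
// (Under the header above a browser would refuse to create it, because
// "app-passthrough" is not in the trusted-types allowlist.)
const weakPolicy = tt.createPolicy('app-passthrough', {
  createHTML: (input) => input,
});

// Stricter policy: the input can only ever render as text.
const strictPolicy = tt.createPolicy('app-escape', {
  createHTML: escapeHTML,
});

// Returns the value a caller would assign to element.innerHTML.
function render(policy, untrusted) {
  return policy.createHTML(untrusted);
}

// Review aid: does the policy output still contain something that parses as a tag?
function containsMarkup(value) {
  return /<[a-z!/]/i.test(String(value));
}

// Constructed sample input standing in for attacker-controlled data.
const SAMPLE = '<img src=x onerror="alert(1)">';

console.log('weak  :', String(render(weakPolicy, SAMPLE)), containsMarkup(render(weakPolicy, SAMPLE)));
console.log('strict:', String(render(strictPolicy, SAMPLE)), containsMarkup(render(strictPolicy, SAMPLE)));
```

Because every sink has to go through a named policy, a review can concentrate on the few `createPolicy` calls and the `trusted-types` allowlist rather than on every DOM write in the code base.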