-
Notifications
You must be signed in to change notification settings - Fork 84
Integrations
Luke Warlow edited this page Jun 27, 2024
·
30 revisions
Here we list the open source projects we know of that already integrate with Trusted Types. We also link to the respective code commits to guide future integrations.
| Project | Version | Policy name | Notes | Links |
|---|---|---|---|---|
| Angular | 12.1.1 |
angular, angular#unsafe-bypass, angular#unsafe-jit, angular#bundler
|
docs, whitepaper | |
| Angular Components | angular#components |
PR | ||
| Closure library |
goog#html, goog#base, goog#base#devonly#eval
|
Policy name configurable with --define goog.TRUSTED_TYPES_POLICY_NAME=foo
|
Commits | |
| CodeMirror | n/a (no violating code) | PR | ||
| DOMPurify | 2.0.0 |
dompurify with optional suffix |
Use RETURN_TRUSTED_TYPE config setting |
PR |
| emscripten |
emscripten#workerPolicy1, emscripten#workerPolicy2, emscripten#workerPolicy3
|
Use TRUSTED_TYPES=1 setting |
PR | |
| FAST | User-created | Pass a policy through DOM.setHTMLPolicy from @microsoft/fast-element
|
Documentation | |
| Highcharts | 9.3.2 | highcharts |
Changelog | |
| jQuery | 4.0.0 | n/a (no violating code) | jQuery accepts Trusted Types objects in functions that modify HTML (e.g. .html()) |
Issue |
| Karma | 4.4.0 | karma |
PR | |
| Karma-jasmine-html-reporter | 1.4.2 | karma-jasmine-html-reporter |
PR | |
| lit-html | 1.3.0 | lit-html |
||
| Polymer | polymer-html-literal |
Issue | ||
| Safe Pug templates | ||||
| safevalues | google#safe |
|||
| Visual Studio Code / Monaco Editor | Issue | |||
| webpack | 5.37.0 | Defined in output.uniqueName
|
Use output.trustedTypes config option. |
- TypeScript type annotations via DefinitelyTyped. Use via
npm install --save @types/trusted-types
-
- React doesn't cause Trusted Types violations.
- Support for Trusted Types values in dangerouslySetInnerHTML.
- Support for interpolating Trusted Types values to node attributes. Currently behind
enableTrustedTypesIntegrationflag (https://github.com/facebook/react/pull/16157), plan to make this behavior the default (https://github.com/facebook/react/pull/19588).
To compile react with
enableTrustedTypesIntegrationenabled:- Clone & setup React
-
enableTrustedTypesIntegration = trueinReactFeatureFlags.js yarn build react/index,react-dom/index --type=UMD
Using Trusted Types in your projects? Let us know!