- Notifications
You must be signed in to change notification settings - Fork 83
Integrations
Luke Warlow edited this page Jun 27, 2024 · 30 revisions
Here we list the open source projects we know of that already integrate with Trusted Types. We also link to the respective code commits to guide future integrations.
| Project | Version | Policy name | Notes | Links |
|---|---|---|---|---|
| Angular | 12.1.1 | angular, angular#unsafe-bypass, angular#unsafe-jit, angular#bundler | docs, whitepaper | |
| Angular Components | angular#components | PR | ||
| Closure library | goog#html, goog#base, goog#base#devonly#eval | Policy name configurable with --define goog.TRUSTED_TYPES_POLICY_NAME=foo | Commits | |
| CodeMirror | n/a (no violating code) | PR | ||
| DOMPurify | 2.0.0 | dompurify with optional suffix | Use RETURN_TRUSTED_TYPE config setting | PR |
| emscripten | emscripten#workerPolicy1, emscripten#workerPolicy2, emscripten#workerPolicy3 | Use TRUSTED_TYPES=1 setting | PR | |
| FAST | User-created | Pass a policy through DOM.setHTMLPolicy from @microsoft/fast-element | Documentation | |
| Highcharts | 9.3.2 | highcharts | Changelog | |
| jQuery | 4.0.0 | n/a (no violating code) | jQuery accepts Trusted Types objects in functions that modify HTML (e.g. .html()) | Issue |
| Karma | 4.4.0 | karma | PR | |
| Karma-jasmine-html-reporter | 1.4.2 | karma-jasmine-html-reporter | PR | |
| lit-html | 1.3.0 | lit-html | ||
| Polymer | polymer-html-literal | Issue | ||
| Safe Pug templates | ||||
| safevalues | google#safe | |||
| Visual Studio Code / Monaco Editor | Issue | |||
| webpack | 5.37.0 | Defined in output.uniqueName | Use output.trustedTypes config option. |
- TypeScript type annotations via DefinitelyTyped. Use via
npm install --save @types/trusted-types
-
- React doesn't cause Trusted Types violations.
- Support for Trusted Types values in dangerouslySetInnerHTML.
- Support for interpolating Trusted Types values to node attributes. Currently behind
enableTrustedTypesIntegrationflag (https://github.com/facebook/react/pull/16157), plan to make this behavior the default (https://github.com/facebook/react/pull/19588).
To compile react with
enableTrustedTypesIntegrationenabled:- Clone & setup React
-
enableTrustedTypesIntegration = trueinReactFeatureFlags.js yarn build react/index,react-dom/index --type=UMD
Using Trusted Types in your projects? Let us know!