Trusted Types API

_clai發表於2024-04-30

Trusted Types API: 鎖定 `DOM API` 的不安全部分，以防止客戶端跨站指令碼（`XSS`）攻擊

untrusted

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Trusted Types API</title>
  </head>
  <body>
    <strong>Trusted Types API</strong>
    <hr />
    <div class="content"></div>

    <script>
      const content = document.querySelector('.content');

      const strHTML = `<div>
        <p>This is a trusted string.</p>
        <img src="https://via.placeholder.com/350x150" alt="placeholder image" />
      </div>`;

      content.innerHTML = strHTML;
    </script>
  </body>
</html>

trusted

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Trusted Types API</title>
  </head>
  <body>
    <strong>Trusted Types API</strong>
    <hr />
    <div class="content"></div>

    <script>
      const content = document.querySelector('.content');

      const strHTML = `<div>
        <p>This is a trusted string.</p>
        <img src="https://via.placeholder.com/350x150" alt="placeholder image" />
      </div>`;

      const entityMap = {
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '"': '&quot;',
        "'": '&#39;',
        '/': '&#x2F;',
      };
      const escapedStrHTML = trustedTypes.createPolicy('myPolicy', {
        createHTML: (input) => input.replace(/[&<>"'\/]/g, (char) => entityMap[char]),
      });

      const trustedHTML = escapedStrHTML.createHTML(strHTML);
      content.innerHTML = trustedHTML;
    </script>
  </body>
</html>

Dynamics 365 Web API Set Values of all Data Types using Web API in Dynamics CRM Through C#
2018-06-27
WebAPIC#
EF Core – Owned Entity Types & Complex Types
2024-04-01
TypeScript @types
2019-03-21
TypeScript
stock Types
2009-06-03
Types of Locks (340)
2007-12-10
譯｜There Are No Reference Types in Go
2021-08-24
Go
TypeScript 之 Object Types
2021-11-23
TypeScriptObject
Two Types of Error in JAVA
2016-10-05
ErrorJava
Understanding Service Types
2015-03-16
Scala的Abstract Types
2016-02-01
Types of SAP Support Packages
2008-08-20
Package
types of undo segments(ZT)
2011-09-05
Behind RabbitMQ Exchange Types
2016-02-19
MQ
Trusted Cloud Summit（2018.08.14）
2019-01-28
RustCloudMIT
DataTransfer.types 屬性
2019-10-09
TypeScript 之 Indexed Access Types
2021-12-01
TypeScriptIndex
TypeScript 之 Conditional Types
2021-12-02
TypeScript
birkenstock sandals spec Younger types
2014-03-20
Types of Processes (108)
2007-10-27
Trusted Block Chain Summit（2018.10.09）
2019-01-28
RustBloCAIMIT
Linux 報錯Certificate verification failed: The certificate is NOT trusted.
2024-07-17
LinuxAIRust
【譯】 Types are moving to the right
2019-03-22
SAP MM Stock Tables and Stock Types
2015-12-16
springboot activemq This class is not trusted to be serialized as ObjectMessage payload .
2017-06-20
Spring BootMQRustZedObject
系統是trusted system 單使用者修改PASSWD
2007-11-21
Rust
PostgreSQL DBA(80) - Object Identifier Types
2019-08-15
SQLObjectIDE
Go 迷思之 Named 和 Unnamed Types
2017-11-28
Go
This page provides the following types of documentation
2004-07-28
IDE
Scala的Infix Type與Self Types
2016-01-28
Types of Oracle Database Users : Database Users (6)
2007-12-15
OracleDatabase
different testing types ( by quqi99 )
2013-02-05
RabbitMQ 訊息佇列之 Exchange Types
2018-11-07
MQ佇列
Lerning Entity Framework 6 ------ Complex types
2017-05-16
Framework
[CareerCup] 15.4 Types of Join 各種交
2016-04-05
mysql 5.6 for linux install(three types)
2015-04-22
MySqlLinux
Types of Oracle Database Users : Security Officers (2)
2007-12-15
OracleDatabase
Types of Oracle Database Users : Application Developers (4)
2007-12-15
OracleDatabaseAPPDeveloper
setup types & setup standard operation(BOM>Rountings)
2007-11-05

Trusted Types API

Trusted Types API: 鎖定 DOM API 的不安全部分，以防止客戶端跨站指令碼（XSS）攻擊

相關文章

Trusted Types API: 鎖定 `DOM API` 的不安全部分，以防止客戶端跨站指令碼（`XSS`）攻擊