'Trusted Types' offers an (optional) mechanism for web sites to protect themselves against XSS (cross-site scripting) attacks.It limits the attack surface from potentially the entire code base to a handful of "policies" that a developer can implement and install, and whose usage the browser will then enforce. "Trusted types" then ensure that all risk-ful parts of the DOM can only be used by data that has gone through such a developer-supplied policy. Release is expected in Chrome 83.




Working draft or equivalent

Status in Chromium


Enabled by default (tracking bug) in:

  • Chrome for desktop release 83
  • Chrome for Android release 83

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signal
  • Positive


Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-05-18