Perfect types with `setHTML()`
Summary
Describes how Trusted Types and a strict CSP can prevent DOM-based XSS, and introduces the 'Perfect Types' policy, which disallows every Trusted Types policy so that HTML can be modified safely only via `setHTML()` or by parsing HTML and reinserting it. The article also discusses the need for security-minded policy maintenance and gives practical usage guidance.
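A header audit for the configuration summarized above, as an added example that is not code from the article. It assumes 'Perfect Types' corresponds to the CSP directives `require-trusted-types-for 'script'` plus a `trusted-types` directive that admits no policy name (for example `'none'`); the function names and sample headers are constructed for illustration.

```javascript
// Added example: audit a CSP header value for the "Perfect Types" posture.
// Assumption: the posture is `require-trusted-types-for 'script'` plus a
// `trusted-types` directive that admits no policy name (e.g. 'none').

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP keeps the first occurrence of a directive and ignores repeats.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditPerfectTypes(header) {
  const d = parseCsp(header);
  const problems = [];
  const sinks = (d.get('require-trusted-types-for') || []).map((s) => s.toLowerCase());
  if (!sinks.includes("'script'")) {
    problems.push('injection sinks still accept plain strings');
  }
  const tt = d.get('trusted-types');
  if (tt === undefined) {
    problems.push('any Trusted Types policy name may be created');
  } else {
    // Quoted tokens are keywords ('none', 'allow-duplicates'); the rest are
    // policy names or the * wildcard, each of which permits createPolicy().
    const names = tt.filter((t) => !/^'.*'$/.test(t));
    if (names.length > 0) problems.push('policies allowed: ' + names.join(', '));
  }
  return { perfect: problems.length === 0, problems };
}

// Constructed sample headers, not taken from the article.
const samples = [
  "require-trusted-types-for 'script'; trusted-types 'none'",
  "require-trusted-types-for 'script'; trusted-types default dompurify",
  "require-trusted-types-for 'script'",
  "script-src 'self'; trusted-types 'none'",
];
for (const s of samples) console.log(JSON.stringify(auditPerfectTypes(s)), '<-', s);
```

Running the audit against response headers in CI catches a later change that quietly re-allows a named or `default` policy.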