Explore using trusted-types and require-using-trusted-types-for in the CSP

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-trusted-types-for

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types

These are meant to prevent DOM XSS by preventing unsanitized strings from being assigned to DOM elements. As of today (2024-08-14) these CSP directives are considered experimental are not supported in Firefox and Safari.