Abstract: Trusted Types is a modern Web API that aims to reduce the DOM XSS attack surface in web applications.
Integrating Trusted Types into web applications and libraries requires code changes. The major problem
arises when these changes need to be made in third-party code that the developer does not have access
to.
Trusted Types support in open source projects is gradually improving, and we plan to analyze some of
these integrations and implement new ones. We first describe how the integration process works in
general. We then implement multiple integrations into different libraries of various complexities.
Our biggest achievements are Trusted Types support for the Solid.js framework and a Cypress testing
plugin. We show that it is possible to develop, test, and release applications with Trusted Types
enforcement enabled using the integrations we implemented. We demonstrate this on a smaller-sized
real-world application.