The Blessing of the Strings
April 4, 2024
Trusted Types have been a proposal by Google for quite some time at this point, but it’s currently getting a lot of attention and work in all browsers (Igalia is working on implementations in WebKit and Gecko, sponsored by Salesforce and Google, respectively). I’ve been looking at it a lot and thought it’s probably something worth writing about.
Source: The Blessing of the Strings
Security is increasingly on developers and teams and companies and organisations minds–which sounds like an obvious thing to say but well look around and the incidents, breaches we see frequently suggest otherwise.
JavaScript itself and the browser presents a very enticing attack vector and one approach to minimising harms is ‘trusted types’. Brian Kordell, longtime friend of Web Directions has a writeup of the proposal and we have a presentation now available with a free membership on the concept from a couple of years ago.