💦 FULL SET: TR/trusted types - Full Archive

Trusted Types

W3C Working Draft, 3 November 2025

More details about this document

This version:: https://www.w3.org/TR/2025/WD-trusted-types-20251103/
Latest published version:: https://www.w3.org/TR/trusted-types/
Editor's Draft:: https://w3c.github.io/trusted-types/dist/spec/
Previous Versions:: https://www.w3.org/TR/2025/WD-trusted-types-20251028/
History:: https://www.w3.org/standards/history/trusted-types/
Feedback:: public-webappsec@w3.org with subject line “[trusted-types] … message topic …” (archives); GitHub; Inline In Spec
Editor:: Krzysztof Kotowicz (Google LLC)
Former Editor:: Mike West (Google LLC)
Test Suite:: https://wpt.fyi/results/trusted-types/

Copyright © 2025 World Wide Web Consortium. W3C^® liability, trademark and permissive document license rules apply.

Abstract

An API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.

Status of this document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index.

This document was published by the Web Application Security Working Group as a Working Draft using the Recommendation track. This document is intended to become a W3C Recommendation.

The (archived) public mailing list public-webappsec@w3.org (see instructions) is preferred for discussion of this specification. When sending e-mail, please put the text “trusted-types” in the subject, preferably like this: “[trusted-types] …summary of comment…”

Publication as a Working Draft does not imply endorsement by W3C and its Members. This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress.

This document was produced by the Web Application Security Working Group.

This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent that the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 18 August 2025 W3C Process Document.

Tests