API preventing DOM XSS by enforcing safe values for injection sinks.
Solution Code
JavaScript
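// sanitize() is assumed to be the application's own HTML sanitizer, defined elsewhere.
const policy = trustedTypes.createPolicy('escapePolicy', {
  // Every string passed to policy.createHTML() goes through the sanitizer first.
  createHTML: s => sanitize(s)
});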
Explanation
Requires a Content-Security-Policy header. Used with frameworks like Angular.
Guided Hints
Default policies
Legacy code migration