1. Web
  2. Web APIs
  3. TrustedScriptURL

TrustedScriptURL

Baseline 2026
Newly available

Since February 2026, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.

Note: This feature is available in Web Workers.

The TrustedScriptURL interface of the Trusted Types API represents a string that a developer can insert into an injection sink that will parse it as a URL of an external script. These objects are created via TrustedTypePolicy.createScriptURL() and therefore have no constructor.

The value of a TrustedScriptURL object is set when the object is created and cannot be changed by JavaScript as there is no setter exposed.

Instance methods

TrustedScriptURL.toJSON()

Returns a JSON representation of the stored data.

TrustedScriptURL.toString()

A string containing the sanitized URL.

Examples

The constant sanitized is an object created via a Trusted Types policy.

js
const sanitized = scriptPolicy.createScripturl(/Education?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FAPI%2F%2522https%3A%2F%2Fexample.com%2Fmy-script.js%2522%2C);
console.log(sanitized); /* a TrustedScriptURL object */

Specifications

Specification
Trusted Types
# trused-script-url

Browser compatibility

See also

Help improve MDN

Learn how to contribute

This page was last modified on by MDN contributors.

View this page on GitHubReport a problem with this content