Track A
14:40-15:10 (30 min)
Trusted Types: DOM XSS Protection at Scale
- English
DOM XSS continues to be the most critical threat to web security. Our current best defense against DOM XSS is Trusted Types, a browser-based runtime feature to limit the uses of DOM APIs (and limit the possibility of DOM injection). We will discuss our approach to using Trusted Types at Google to protect billions of our users, the challenges of backporting Trusted Types compatibility to hundreds of webapps, and our approach to making the entire JS ecosystem safer with Trusted Types.