by fluxsauce
2526 days ago
Scary headline; FTA:

> Don’t worry, though – another, hopefully better, protection measure is on the way.

> Another feature is in development to help: an application programming interface (API) called Trusted Types. Trusted types treats user input as untrustworthy by default and forces developers to take steps to sanitise it before it can be included in a web page.

A better headline may be "Google Chrome replacing XSS Auditor with Trusted Types"

As I think a Googler has mentioned above, the XSS auditor is for reflected XSS vulns (caused by the server unsafely outputting user input). Trusted Types protects against DOM-based vulns, which are more client-side.
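
An added example, not part of the comments above or of the linked article: how a page opts in to Trusted Types so that a DOM sink such as `innerHTML` only accepts values produced by a registered policy. The policy name `comment-html`, the element id `comment` and the helper names are assumptions; outside a browser `buildPolicy` can be given any object with a compatible `createPolicy` for testing.

```javascript
// Added example. Enforcement is switched on by the server with these CSP directives:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types comment-html

// Escape the characters that let a string leave text context in HTML.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Register the single policy the CSP header allows. `factory` is
// window.trustedTypes in a supporting browser; "comment-html" is an assumed name.
function buildPolicy(factory) {
  return factory.createPolicy('comment-html', {
    createHTML: (input) => escapeHtml(input),
  });
}

// Write user-controlled text into a DOM sink. Under enforcement, assigning a plain
// string to innerHTML throws a TypeError when no default policy is defined;
// the TrustedHTML value returned by the policy is accepted.
function renderComment(element, policy, userText) {
  element.innerHTML = policy.createHTML(userText);
  return element;
}

// Browser wiring; skipped outside a browser or where the API is missing.
if (typeof window !== 'undefined' && window.trustedTypes) {
  const policy = buildPolicy(window.trustedTypes);
  const target = document.getElementById('comment'); // hypothetical element id
  if (target) {
    // location.hash is a typical source for DOM-based XSS.
    renderComment(target, policy, location.hash.slice(1));
  }
}
```

This covers the client-side (DOM-based) case only; output the server reflects into the HTML response still has to be encoded on the server.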