← 返回首页
TrustedTypePolicy: createHTML() method - Web APIs | MDN
HTML

HTML: Markup language

HTML reference HTML guides Markup languages
CSS

CSS: Styling language

CSS reference CSS guides Layout cookbook
JavaScriptJS

JavaScript: Scripting language

JS reference JS guides
Web APIs

Web APIs: Programming interfaces

Web API reference Web API guides
All

All web technology

Technologies Topics
Learn

Learn web development

Frontend developer course Learn HTML Learn CSS Learn JavaScript
Tools

Discover our tools

About

Get to know MDN better

Blog
Toggle sidebar
  1. Web
  2. Web APIs
  3. TrustedTypePolicy
  4. createHTML()
Theme
  • OS default
  • Light
  • Dark
English (US)
Remember language Learn more

TrustedTypePolicy: createHTML() method

Baseline 2026
Newly available

Since February 2026, this feature works across the latest devices and browser versions. This feature might not work in older devices or browsers.

Note: This feature is available in Web Workers.

The createHTML() method of the TrustedTypePolicy interface creates a TrustedHTML object using a policy created by TrustedTypePolicyFactory.createPolicy().

In this article

Syntax

js
createHTML(input) createHTML(input, args)

Parameters

input

A string containing the string to be sanitized by the policy.

args Optional

Additional arguments to be passed to the function represented by TrustedTypePolicy.

Return value

A TrustedHTML object.

Exceptions

TypeError

Thrown if TrustedTypePolicy does not contain a function to run on the input.

Examples

In the below example a string containing a potentially dangerous script is used as the input for createHTML(). Dangerous code inserted by a user could then be sanitized before insertion into any injection sink.

js
const escaped = escapeHTMLPolicy.createHTML("<img src=x onerror=alert(1)>");

Specifications

Specification
Trusted Types
# dom-trustedtypepolicy-createhtml

Browser compatibility

Enable JavaScript to view this browser compatibility table.

Help improve MDN

Was this page helpful to you?
Yes No
Learn how to contribute

This page was last modified on May 13, 2024 by MDN contributors.

View this page on GitHubReport a problem with this content
  1. Trusted Types API
  2. TrustedTypePolicy
  3. Instance properties
    1. name
  4. Instance methods
    1. createHTML()
    2. createScript()
    3. createScriptURL()
  5. Related pages for Trusted Types API
    1. TrustedHTML
    2. TrustedScript
    3. TrustedScriptURL
    4. TrustedTypePolicyFactory
    5. Window.trustedTypes
    6. WorkerGlobalScope.trustedTypes

Your blueprint for a better internet.

MDN Contribute Developers

Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–2026 by individual mozilla.org contributors. Content available under a Creative Commons license.