Google has created a new browser API ‘Trusted Types’ to fight against DOM XSS attacks

[silversurfer]

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe from hacking attempts.

This new feature is called Trusted Types and is a browser API that Google has been working on for the past months.

The company's engineers plan to test Trusted Types throughout 2018, between Chrome 73 and Chrome 76, before rolling out and enabling it as a permanent security feature for all Chrome users later in the year --if all goes as planned.

This new security feature was developed with the intent to protect users against one of the three types of cross-site scripting flaws --namely DOM-based (or type-0) XSS.
The other two XSS types are "reflected" and "stored." A detailed breakdown of all three XSS types is available here, for readers looking to learn more on XSS.

SOURCE: https://www.zdnet.com/article/google-wor...e-dom-xss/