|
|
|
|
| 1 |
innerHTML TrustedHTML (unsafe policy) |
trusted input |
|
| 2 |
innerHTML string |
|
|
| 3 |
innerHTML TrustedHTML (escape policy) |
<b>escape me</b> |
|
| 4 |
iframe.srcdoc string |
|
|
| 5 |
iframe.srcdoc TrustedHTML |
|
|
| 6 |
iframe.srcdoc setAttribute string |
|
|
| 7 |
iframe.srcdoc setAttribute TrustedHTML |
|
|
| 8 |
Range.createContextualFragment string |
|
|
| 9 |
Range.createContextualFragment TrustedHTML |
trusted input |
|
| 10 |
Element.insertAdjacentHTML string |
|
|
| 11 |
Element.insertAdjacentHTML TrustedHTML |
trusted input |
|
| 12 |
HTMLScriptElement.src TrustedScriptURL |
|
|
| 13 |
creating policy from outside allowlist |
|
|