Philippe De Ryck

Securing Frontend Applications with Trusted Types

Fully eradicate DOM-based cross-site scripting in your application. Trusted Types provides a browser-level defense that makes the secure path the only available path.

#1 (about 4 minutes)

Understanding the real-world danger of cross-site scripting

Cross-site scripting (XSS) allows attackers to execute malicious code in a user's browser, with severe consequences like data theft.

#2 (about 4 minutes)

How modern frameworks fail to prevent all XSS attacks

While frameworks like Angular and React encode data by default, properties like `dangerouslySetInnerHTML` create bypasses that reintroduce XSS risks.

#3 (about 6 minutes)

Using sanitization to safely render dynamic HTML

Sanitizing user-provided HTML with libraries like DOMPurify is crucial for preventing XSS, especially when bypassing framework defaults.

#4 (about 7 minutes)

How Trusted Types change browser behavior to block XSS

Enabling Trusted Types via a Content Security Policy header forces dangerous DOM sinks like `innerHTML` to reject strings and only accept safe, typed objects.

#5 (about 5 minutes)

Using Trusted Types in development to secure all browsers

Even with limited browser support, using Trusted Types during development helps developers find and fix XSS vulnerabilities, and those fixes benefit users on every platform.

#6 (about 6 minutes)

Securing third-party libraries with a default policy

A default Trusted Types policy can automatically sanitize insecure DOM assignments from third-party dependencies, securing your entire application.
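The mechanism described in chapters #4 to #6, as an added example that is not code from the talk: a named policy for application code, a default policy that catches raw strings from third-party code and records the sink, and a fallback for browsers without the API. The sanitizer is a stand-in that escapes all markup; a real application would call DOMPurify.sanitize there (assumed to be loaded), and the policy names and the fake element are constructed for the example.

```javascript
// Enforcement comes from the server header (CSP), for example:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types app-html default
// During development, send the same value in Content-Security-Policy-Report-Only
// to find every string assignment to a DOM sink without breaking the app.

// Stand-in sanitizer: escapes every tag, so no markup survives. A real
// application would call DOMPurify.sanitize(html) here (assumption: loaded).
function sanitizeHtml(html) {
  return String(html)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Use the native API when present; otherwise a minimal shim that returns
// plain strings. Sanitization still runs, so browsers without Trusted Types
// get the same cleaning, only without browser-level enforcement.
const trustedTypesApi =
  globalThis.trustedTypes && typeof globalThis.trustedTypes.createPolicy === "function"
    ? globalThis.trustedTypes
    : { createPolicy: (name, rules) => ({ name, ...rules }) };

// Named policy: the only way application code should produce HTML for a sink.
const appHtmlPolicy = trustedTypesApi.createPolicy("app-html", {
  createHTML: (untrusted) => sanitizeHtml(untrusted),
});

// Default policy: the browser calls it for raw strings that reach a sink from
// code you do not control (third-party libraries). Record each hit so the
// offending sink can be located, then sanitize instead of throwing.
const defaultPolicyHits = [];
const defaultPolicy = trustedTypesApi.createPolicy("default", {
  createHTML: (untrusted, type, sink) => {
    defaultPolicyHits.push({ sink: sink || "unknown", sample: String(untrusted).slice(0, 40) });
    return sanitizeHtml(untrusted);
  },
});

// Render helper: the single innerHTML assignment in application code.
function renderUntrusted(element, html) {
  element.innerHTML = appHtmlPolicy.createHTML(html);
  return element.innerHTML;
}

// Constructed sample: a stand-in for a DOM element, so this runs without a browser.
const sampleElement = { innerHTML: "" };
console.log(renderUntrusted(sampleElement, '<img src=x onerror="alert(1)">'));
```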

#7 (about 13 minutes)

Q&A on framework comparisons and advanced concepts

The speaker answers audience questions about Vue.js, server-side validation, policy injection risks, browser polyfills, and the future of native sanitization APIs.
