{"id":54914,"date":"2023-12-21T13:55:15","date_gmt":"2023-12-21T13:55:15","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35327\/Mozilla-Decides-Trusted-Types-Is-A-Worthy-Security-Feature.html"},"modified":"2023-12-21T13:55:15","modified_gmt":"2023-12-21T13:55:15","slug":"mozilla-decides-trusted-types-is-a-worthy-security-feature","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/","title":{"rendered":"Mozilla Decides Trusted Types Is A Worthy Security Feature"},"content":{"rendered":"<p>Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.<\/p>\n<p>By so doing, the browser biz will help reduce a longstanding form of web attack that relies on injected code.<\/p>\n<p>&#8220;We at Mozilla have done a thorough spec review and intend to change our standards position to positive,&#8221; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/mozilla\/standards-positions\/issues\/20#issuecomment-1853427823\">declared<\/a> Frederik Braun, Firefox security engineer, in a post to a discussion of Mozilla&#8217;s views about proposed browser technologies. &#8220;We are convinced of the track record that Trusted Types has in terms of preventing DOM-based XSS on popular websites.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Mozilla won&#8217;t implement Trusted Types in Firefox immediately \u2013 there are still some technical issues to sort out. But the org&#8217;s decision is a win for web security, which has been looking up since May 2020 when Trusted Types shipped in <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/04\/17\/chrome_83_beta\/\" rel=\"noopener\">Chrome 83<\/a> and Edge 83. Opera (based on the open source Chromium project, like Edge) added support in June 2020.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/web.dev\/articles\/trusted-types\">Trusted Types<\/a> addresses <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/owasp.org\/www-community\/attacks\/DOM_Based_XSS\">DOM-XSS<\/a>, or document object model cross-site scripting \u2013 considered to be both rather dangerous and fairly common. Ranked first among the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/owasp.org\/www-project-top-ten\/\">OWASP Top Ten Web Application Security Risks<\/a> in 2017 \u2013 under the category &#8220;Injection&#8221; \u2013 XSS attacks slipped to the third most common vulnerability by 2021. And XSS attacks should become less common as more websites revise their code to take advantage of Trusted Types.<\/p>\n<p>&#8220;Trusted Types offers an (optional) mechanism for web sites to protect themselves against XSS (cross-site scripting) attacks,&#8221; explained Daniel Vogelheim, a Google software engineer, in a Blink developer mailing list <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/groups.google.com\/a\/chromium.org\/g\/blink-dev\/c\/Il-wfnw9TAw\/m\/n3BUe4MgBgAJ\">post<\/a> back in 2018, when the feature was about to be tested.<\/p>\n<p>&#8220;Those types of attacks stem from implementation oversights that allow user-controlled (and therefore attacker-controlled) string data to slip through into parts of the DOM where they are interpreted as JavaScript (or script-equivalent).&#8221;<\/p>\n<p>Or, as Vogelheim continued, they are made possible when developers fail to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/xkcd.com\/327\/\">sanitize their app&#8217;s inputs<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>For example, the <code>.innerHTML<\/code> property, which gets or sets the text for the associated element, can be used to execute code (in this case an alert popup):<\/p>\n<pre class=\"wrap_text\">\nconst name = \"&lt;img src='x' onerror='alert(1)'&gt;\";\nel.innerHTML = name; \/\/ shows the alert\n<\/pre>\n<p>With Trusted Types enabled, the browser expects a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/TrustedHTML\">TrustedHTML object<\/a> instead of a text snippet.<\/p>\n<p>Trusted Types addresses the risk of unsafe input by limiting the attack surface via Content Security Policy and a content filtering mechanism. And since the capability first showed up three years ago, DOM-XSS attacks have become less common in the Chromium ecosystem.<\/p>\n<p>In an October <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/mozilla\/standards-positions\/issues\/20#issuecomment-1783279722\">post<\/a> to the GitHub repo discussing Mozilla&#8217;s positions on various technologies, Vogelheim notes that Google expects to effectively eliminate DOM-XSS risk as it deploys Trusted Types across all of Google&#8217;s websites.<\/p>\n<p>&#8220;XSS used to be a significant problem at Google, making up 30 percent of overall VRP [Vulnerability Rewards Program] rewards in 2018,&#8221; he noted. &#8220;In 2023, they account for only 4.1 percent, all for bugs reported against properties that have not migrated to Trusted Types yet. In the past three years, we have not received a single XSS (in VRP; in the wild; or through [our] own research) for a Trusted Types-enabled Google property.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>In a 2021 <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/storage.googleapis.com\/pub-tools-public-publication-data\/pdf\/2cbfffc0943dabf34c499f786080ffa2cda9cb4c.pdf\">report<\/a> [PDF] on Trusted Types, Krzysztof Kotowicz, an information security engineer at Google, wrote, &#8220;To date, we have observed zero DOM-XSS in Google applications migrated to Trusted Types.&#8221;<\/p>\n<p>Bartosz Niemczura, software engineer at Meta, echoed Google&#8217;s enthusiasm in the Mozilla standards discussion thread, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/mozilla\/standards-positions\/issues\/20#issuecomment-1828287934\">stating<\/a>, &#8220;\u200b\u200bAt Meta, we see Trusted Types as a useful security mechanism as well. I believe that broader support across browsers and broader deployment across websites would be beneficial to the web platform overall.&#8221;<\/p>\n<p>Toward that end, Niemczura pointed to a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/WebKit\/standards-positions\/issues\/186\">post<\/a> he made in May urging Apple&#8217;s WebKit team to consider adopting Trusted Types based on successful deployment by Google, Meta, and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/microsoftedge.github.io\/edgevr\/posts\/eliminating-xss-with-trusted-types\/#takeaways\">Microsoft<\/a> across various websites. Currently, Trusted Types is present or enforced in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/mitigation.supply\/\">about ten percent<\/a> of Chrome web page loads.<\/p>\n<p>Bruce Perens, a veteran programmer and one of the founders of the Open Source movement, expressed enthusiasm for the technology after deploying it.<\/p>\n<p>&#8220;I&#8217;ve implemented Trusted Types on a web app, and I felt they were really helpful in identifying lots of &#8216;injection sites&#8217; where a cross-site scripting attack could happen, and requiring me to provide a filter or some other way of securing user input that got there,&#8221; he wrote in an email to <em>The Register<\/em>.<\/p>\n<p>Perens said that while Trusted Types are only enforced in some browsers, developers should adapt their web app code to support the XSS defense because he believes Firefox, Safari, and other browsers will eventually include the technology.<\/p>\n<p>&#8220;The web obviously evolved through a whole bunch of pieces being stacked on previous work as an afterthought, manipulation of the DOM, the document object model, by Javascript being the biggest addition to the simple HTML of the early web,&#8221; Perens said. &#8220;The addition of Trusted Types helps to close security holes that were created by that early work. But a competent programmer is required to take advantage of this \u2013 cross-site scripting will still be possible if a website doesn&#8217;t use Trusted Types.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35327\/Mozilla-Decides-Trusted-Types-Is-A-Worthy-Security-Feature.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10806],"class_list":["post-54914","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinemozillafirefox"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mozilla Decides Trusted Types Is A Worthy Security Feature 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mozilla Decides Trusted Types Is A Worthy Security Feature 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-21T13:55:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Mozilla Decides Trusted Types Is A Worthy Security Feature\",\"datePublished\":\"2023-12-21T13:55:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/\"},\"wordCount\":844,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,mozilla,firefox\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/\",\"name\":\"Mozilla Decides Trusted Types Is A Worthy Security Feature 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-12-21T13:55:15+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/mozilla-decides-trusted-types-is-a-worthy-security-feature\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,mozilla,firefox\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemozillafirefox\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Mozilla Decides Trusted Types Is A Worthy Security Feature\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mozilla Decides Trusted Types Is A Worthy Security Feature 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/","og_locale":"en_US","og_type":"article","og_title":"Mozilla Decides Trusted Types Is A Worthy Security Feature 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-12-21T13:55:15+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Mozilla Decides Trusted Types Is A Worthy Security Feature","datePublished":"2023-12-21T13:55:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/"},"wordCount":844,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,mozilla,firefox"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/","url":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/","name":"Mozilla Decides Trusted Types Is A Worthy Security Feature 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-12-21T13:55:15+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZYUDVcLTWWhLDV46OUTFrwAAAYE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/mozilla-decides-trusted-types-is-a-worthy-security-feature\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,mozilla,firefox","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemozillafirefox\/"},{"@type":"ListItem","position":3,"name":"Mozilla Decides Trusted Types Is A Worthy Security Feature"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54914"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54914\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}