First Public Working Draft: Trusted Types

The Web Application Security Working Group has published a First Public Working Draft of Trusted Types, an API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.