# Trusted Types cheatsheet

> Browser Trusted Types, CSP (`require-trusted-types-for`, `trusted-types`), `createPolicy`, TrustedHTML / TrustedScript, HTML Sanitizer API (`setHTML`), Perfect Types (`trusted-types 'none'`), polyfills, and mitigation patterns.

All pages below are static HTML generated from Markdown. Prefer the homepage for the full structured cheatsheet and table of contents.

## Core pages
- [Trusted Types — Cheatsheet](https://tt-cheatsheet.javan.de/): Trusted Types & CSP cheatsheet: policies, TrustedHTML/TrustedScript, default policy migration, Sanitizer API (setHTML), Perfect Types, and a live playground.
- [Trusted Types — Polyfill](https://tt-cheatsheet.javan.de/POLYFILL.html): W3C Trusted Types polyfill for older browsers: api_only vs full ES5 builds, npm, tinyfill, and how shims differ from real CSP enforcement.

## Discovery
- [Sitemap](https://tt-cheatsheet.javan.de/sitemap.xml): all URLs on this site.
- [robots.txt](https://tt-cheatsheet.javan.de/robots.txt): crawling rules (AI crawlers explicitly allowed).

This file follows the [llms.txt](https://llmstxt.org/) convention.