
Trusted Types: How we mitigate XSS threats in Grafana 10

Blog post from Grafana Labs

Post Details
Company: Grafana Labs
Date Published:
Author: Kristian Bremberg and Tobias Skarhed
Word Count: 1,915
Language: English
Hacker News Points: -
Summary

Grafana Labs describes how Grafana 10 tackles the persistent problem of cross-site scripting (XSS), and DOM-based XSS in particular, by adopting Trusted Types, a browser API that originated at Google and is still considered experimental. Combined with a strict Content Security Policy (CSP), Trusted Types are meant to contain the risk that comes from user-supplied data and third-party plugins, both of which often need to render arbitrary HTML. With enforcement enabled, the browser refuses raw strings at dangerous DOM sinks such as innerHTML and accepts only trusted type objects, which can be produced solely by an explicitly registered policy; sanitization therefore moves into a small number of auditable policy functions instead of being scattered across call sites. Grafana's implementation defines such policies and relies on DOMPurify, which can emit Trusted Types directly, so that markup is sanitized before it reaches the DOM. The authors note open challenges, including TypeScript support for the API and compatibility with existing plugins, and caution that Trusted Types reduce but do not eliminate DOM XSS risk: browser support is still limited, and the protection can still be bypassed, for example through a policy that is too permissive.
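The mechanism summarized above, as an added example that is not code from the Grafana post or from the Grafana code base: a named Trusted Types policy is the only thing allowed to mint a TrustedHTML value, a single sink wrapper is the only place that writes innerHTML, and the CSP directives tell the browser to enforce that. The policy here escapes text rather than sanitizing markup; Grafana's real policies use DOMPurify (`DOMPurify.sanitize(dirty, { RETURN_TRUSTED_TYPE: true })`), which is not bundled here. The policy name `escape-html`, the `fallbackTrustedTypes` shim (used only when `window.trustedTypes` is absent, so the file also runs under Node) and the sample payload are assumptions made for the example.

```javascript
// Added example, not from the Grafana post. Assumptions: the policy name
// "escape-html" and the Node stand-in for the browser's trustedTypes API.

// CSP values that make a supporting browser enforce policy use. The first
// directive blocks raw strings at script-executing sinks (innerHTML, eval,
// script.src, ...); the second restricts which policy names may be created.
const CSP_ENFORCE = "require-trusted-types-for 'script'; trusted-types escape-html";
// Same directive sent as Content-Security-Policy-Report-Only for rollout.
const CSP_REPORT_ONLY = "require-trusted-types-for 'script'";

// Escape policy: turns untrusted text into inert markup. This is the cheap,
// always-correct choice when the caller wants text, not HTML.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Minimal stand-in for window.trustedTypes (assumption: only used outside a
// Trusted-Types-capable browser). Mirrors the pieces the example relies on:
// createPolicy rejects duplicate names, as enforcing browsers do without
// 'allow-duplicates', and createHTML returns an opaque TrustedHTML-like object.
function fallbackTrustedTypes() {
  const names = new Set();
  const BRAND = Symbol("TrustedHTML");
  return {
    createPolicy(name, rules) {
      if (names.has(name)) throw new TypeError(`Policy "${name}" already exists`);
      names.add(name);
      return {
        name,
        createHTML(input) {
          if (typeof rules.createHTML !== "function") {
            throw new TypeError(`Policy "${name}" does not allow createHTML`);
          }
          const out = rules.createHTML(String(input));
          return { [BRAND]: true, toString: () => out };
        },
      };
    },
    isHTML(value) {
      return Boolean(value) && value[BRAND] === true;
    },
  };
}

const tt = globalThis.trustedTypes ?? fallbackTrustedTypes();

// The one registered policy. Its name must appear in the CSP trusted-types list.
const escapePolicy = tt.createPolicy("escape-html", { createHTML: escapeHtml });

// The only sink wrapper in the code base that assigns innerHTML. Even where
// the browser does not enforce Trusted Types, this refuses raw strings, so
// a plugin cannot smuggle markup past the policy.
function setHtml(el, trusted) {
  if (!tt.isHTML(trusted)) {
    throw new TypeError("setHtml: refusing a value that is not TrustedHTML");
  }
  el.innerHTML = trusted; // the browser (or String()) coerces TrustedHTML to its markup
  return String(el.innerHTML);
}

// Rendering an untrusted panel title: the payload is constructed for the example.
function renderTitle(el, untrustedTitle) {
  return setHtml(el, escapePolicy.createHTML(untrustedTitle));
}

if (typeof document !== "undefined") {
  renderTitle(document.body, "<img src=x onerror=alert(1)>"); // shows the tag as text
}
```

Rolling this out usually starts with the report-only header so violations surface in the console and reports without breaking pages; once the sink wrappers and policies cover every write, switch to the enforcing header. A `default` policy (the browser calls it when a string reaches a sink) is a useful bridge for plugins you do not control, but it should log loudly, because every string that passes through it is one the enforcement did not catch.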