
Integrating Trusted Types with Solid.js and Cypress: Enhancing Web Application Security

Authors
  • Santosh Kumar


Keywords:
Trusted Types, Cross-site scripting (XSS), Solid.js, Cypress, Content Security Policy (CSP)

Abstract

This paper studies Trusted Types, a browser-enforced restriction that mitigates Cross-Site Scripting (XSS) attacks, as applied to the Solid.js framework and the Cypress end-to-end (e2e) testing environment. The research begins with the migration of the Solid.js build system from the Rollup bundler to Vite, which required minimal changes to the existing codebase while making the development workflow more efficient. To achieve full Trusted Types compatibility, we relied on custom versions of Vite and Solid.js. We also made the necessary adjustments, such as renaming JavaScript source files from .js to .jsx and implementing Trusted Types policies for generating third-party API content. Furthermore, the study describes a custom Cypress plugin used to validate the enforcement of Trusted Types in automated testing. With the plugin, a developer can easily configure Content Security Policy (CSP) headers and detect Trusted Types violations in real time, which makes security testing more dependable. As the experiments show, the proposed integration strengthens application resilience against client-side injection attacks, with the added benefits of efficient development and flexible testing. Although Trusted Types is not yet widely used in the open source ecosystem, it shows great potential for enhancing the security of modern web applications. Future work will extend Trusted Types support to large-scale real-world applications, improve compatibility with frameworks, and promote wide-scale adoption of secure-by-default web development practices.

Published
2026-06-29
Section
Articles
License

Copyright (c) 2026 International Journal of Intelligent Systems and Data Science

This work is licensed under a Creative Commons Attribution 4.0 International License.