Found by @sirdarckcat: It's still possible to execute the JS bypassing the policy by directly manipulating the HTMLAnchorElement properties like protocol, pathname etc. a.href = TrustedTypes.create...