Originally posted by @koto in #4409 (comment)

I noticed one violation still in jQuery.attr, where the value of the attribute is stringified before calling setAttribute:

const policy = trustedTypes.createPolicy('a', {createScriptURL: s=>s})
jQuery(aScript, policy.createScriptURL('foo'));
Uncaught TypeError: Failed to execute 'setAttribute' on 'Element': This document requires 'TrustedScriptURL' assignment.
    at attr (jquery.js:6997)
    at access (jquery.js:3467)
    at jQuery.fn.init.attr (jquery.js:6955)
    at <anonymous>:1:6

There is a workaround via .attr hooks, but it might be worth addressing nonetheless.

It seems like this was introduced in ff75767, I suspect to workaround an IE <= 9 bug, which incorrectly stringified objects passed to setAttribute.

I'm not sure what the most elegant solution would be here, I guess it depends on whether jQuery 4 aims to support IE9. If not, it's safe not to stringify values (browser API would). If yes, then there's only a less-than-ideal option of testing for the bug? IIRC this would be a good test:

with (document.createElement('div')) {
  setAttribute('title', {toString:()=>''}); 
  getAttribute('title') === ''
}