TypeError: Failed to execute createPolicy on TrustedTypePolicyFactory: Policy already exists (e.g. tokenizeToString) causes Cursor crash

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

After logging into Cursor, the application crashes due to a Trusted Types policy duplication error.

Cursor throws a fatal exception similar to:

TypeError: Failed to execute ‘createPolicy’ on ‘TrustedTypePolicyFactory’:
Policy with name “tokenizeToString” already exists

In some cases, additional Trusted Types violations appear, such as:

Trusted Type expected, but String received

This happens on a fresh Cursor installation with no extensions installed.
Reinstalling Cursor or even reinstalling the operating system does not resolve the issue.

The problem does not occur when running Cursor inside a virtual machine, but consistently occurs on my physical machine.

Steps to Reproduce

1.Install Cursor (fresh install, no extensions)

2.Launch Cursor

3.Log in to a Cursor account

4.Wait for background services / AI features to initialize

5.Cursor crashes with a Trusted Types policy error

Expected Behavior

Cursor should start and run normally after login without crashing.

Trusted Types policies should not be created multiple times with the same name.
If a policy already exists, it should be reused instead of calling createPolicy again.

Screenshots / Screen Recordings

2.png2523×645 25.8 KB

Operating System

Windows 10/11

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.2.44 (user setup)
VSCode Version: 1.105.1
Commit: 20adc1003928b0f1b99305dbaf845656ff81f5d0

For AI issues: which model did you use?

No AI model is being used

For AI issues: add Request ID with privacy disabled

No AI model is being used.
Request ID: N/A (privacy disabled)

Does this stop you from using Cursor

Yes - Cursor is unusable

Hey @Robert_Allen!

We fixed this exact issue in 2.3. It’s still rolling out but you might be able to find a download link in this thread, or set your update access to Early Access.

Thanks for the update — I installed the latest 2.3 Early Access build and collected full startup logs.

Unfortunately, I’m still seeing Trusted Types related errors on startup. The first blocking error is:

Trusted Type expected, but String received
This document requires 'TrustedScript' assignment.
The JavaScript Function constructor does not accept TrustedString arguments.
workbench.desktop.main.js:539

This suggests there is still a code path in the workbench calling new Function(...) or otherwise performing script/DOM modifications with plain strings while Trusted Types enforcement is enabled. As per the spec, the Function constructor only accepts TrustedScript, which ends up blocking workbench bootstrap.

Everything after that (extension host crashes, “Canceled” service calls, git/model/telemetry failures) appears to be a downstream effect of the workbench failing to initialize.

The issue reproduces even with all user extensions disabled, so it looks isolated to Cursor’s internal workbench code rather than third-party extensions.

Happy to provide trimmed logs or test additional builds if that helps.

Do you have some security software installed on your physical machine that’s not running on your VM, which could be enforcing additional CSP restrictions?

It’s looking awfully similar to this thread:

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.