Trusted Types helps prevent DOM-based XSS to appear on Web applications.
Given that jQuery also support Trusted Types, adding support for Trusted Types to Knockout would be a good idea.
Most of the changed would be to pass given html without modification, especially if the html is a TrustedHTML.
This means if we add support for the Trusted Types AND a web developer would like to enforce Trusted Types, following code would not work.
Trusted Types helps prevent DOM-based XSS to appear on Web applications.
Given that jQuery also support Trusted Types, adding support for Trusted Types to Knockout would be a good idea.
Most of the changed would be to pass given html without modification, especially if the html is a
TrustedHTML
. This means if we add support for the Trusted Types AND a web developer would like to enforce Trusted Types, following code would not work.Instead, above code has to changed to something safer.