All the changes are behind typeof trustedTypes !== 'undefined', so this change should only affect Chromium users (where Trusted Types is supported). Unless developers who uses Knockout wants to enforce Trusted Types, this change won't affect anyone.
Note that this only prevents DOM-based XSS, so stored and reflected XSS are still possible.
This change adds Trusted Types support to Knockout.
All the changes are behind
typeof trustedTypes !== 'undefined'
, so this change should only affect Chromium users (where Trusted Types is supported). Unless developers who uses Knockout wants to enforce Trusted Types, this change won't affect anyone.Note that this only prevents DOM-based XSS, so stored and reflected XSS are still possible.
Fixes #2579.