[trustedTypes]: Mark output from @html as untrusted

packages/svelte/src/internal/client/dom/blocks/html.js

@@ -97,7 +97,7 @@ export function html(node, get_value, svg = false, mathml = false, skip_warning
 		// Don't use create_fragment_with_script_from_html here because that would mean script tags are executed.
 		// @html is basically `.innerHTML = ...` and that doesn't execute scripts either due to security reasons.
 		/** @type {DocumentFragment | Element} */
-		var node = create_fragment_from_html(html);
+		var node = create_fragment_from_html(html, /*untrusted=*/ true);
 
 		if (svg || mathml) {
 			node = /** @type {Element} */ (get_first_child(node));

packages/svelte/src/internal/client/dom/reconciler.js

@@ -15,9 +15,13 @@ function create_trusted_html(html) {
 	return /** @type {string} */ (policy?.createHTML(html) ?? html);
 }
 
-/** @param {string} html */
-export function create_fragment_from_html(html) {
+/**
+ * @param {string} html
+ * @param {boolean} untrusted
+ */
+export function create_fragment_from_html(html, untrusted = false) {
 	var elem = document.createElement('template');
-	elem.innerHTML = create_trusted_html(html.replaceAll('<!>', '<!---->')); // XHTML compliance
+	html = html.replaceAll('<!>', '<!---->'); // XHTML compliance
+	elem.innerHTML = untrusted ? html : create_trusted_html(html);
 	return elem.content;
 }