From 696d97ff3e2671e5740d6f8e85cde904e627d435 Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Wed, 18 Feb 2026 16:10:32 -0500 Subject: [PATCH] fix: use TrustedHTML to test for customizable support, where necessary diff --git a/packages/svelte/src/internal/client/dom/elements/customizable-select.js b/packages/svelte/src/internal/client/dom/elements/customizable-select.js index b9f20f63a8..04a3cdd191 100644 --- a/packages/svelte/src/internal/client/dom/elements/customizable-select.js +++ b/packages/svelte/src/internal/client/dom/elements/customizable-select.js @@ -1,5 +1,6 @@ import { hydrating, reset, set_hydrate_node, set_hydrating } from '../hydration.js'; import { create_comment, create_element } from '../operations.js'; +import { create_trusted_html } from '../reconciler.js'; import { attach } from './attachments.js'; /** @type {boolean | null} */ @@ -14,7 +15,7 @@ let supported = null; function is_supported() { if (supported === null) { var select = create_element('select'); - select.innerHTML = ''; + select.innerHTML = create_trusted_html(''); supported = /** @type {Element} */ (select.firstChild)?.firstChild?.nodeType === 1; } diff --git a/packages/svelte/src/internal/client/dom/reconciler.js b/packages/svelte/src/internal/client/dom/reconciler.js index 42d81a4c71..294cd9c35d 100644 --- a/packages/svelte/src/internal/client/dom/reconciler.js +++ b/packages/svelte/src/internal/client/dom/reconciler.js @@ -11,7 +11,7 @@ const policy = }); /** @param {string} html */ -function create_trusted_html(html) { +export function create_trusted_html(html) { return /** @type {string} */ (policy?.createHTML(html) ?? html); }