Potential XSS vulnerability.

[RahulKhandelwal17]

We are doing R&D on form.io JS library, while doing research we found a potential XSS vulnerability.
The issue arises when specific text is entered during the addition of a component.
To replicate, drag and drop a component and paste the following code into the Tooltip text area:

<img src=x onerror=window.open('https://www.google.com/');>

Immediately after pasting, it triggers a new tab to open.
Additionally, once saved or if any further modification is made to the form, it causes redirections with each action.

JavaScript.Powered.Forms.and.Form.io.SDK.-.Google.Chrome.2024-01-04.17-00-32.mp4

[brendanbond]

Hey thanks @RahulKhandelwal17 - we're aware of this issue and it will be fixed in the next coming version.

[lane-formio]

Fixed by: #5392