CSS Injection Vulnerability

[makuga01]

When using the DOMPurify library to sanitize HTML from malicious code here, the library doesn't sanitize CSS style tags. These can be used to change the website's appearance and possibly to pull off clickjacking attacks. - https://portswigger.net/web-security/clickjacking

PoC: https://flatgithub.202132.xyz/makuga01/csv-test?filename=css.csv&sha=9cfecff99206e7a11716d14b48a2edb9c16ce0c1

I suggest adding using a DOMPurify config like this one:

const dompurifyConfig = {
  FORBID_TAGS: ['style', 'form'],
}
const sanitized = DOMPurify.sanitize(displayValue, dompurifyConfig);

I also added HTML forms to the forbidden tags as they can be used for creating a fake login screen

[makuga01]

PR here: #34