pref: editor iframe risk with src tag

[LIlGG]

What type of PR is this?

/kind improvement
/area editor
/milestone 2.17.x

What this PR does / why we need it:

在用户设置 iframe 相关的 src 时，检测设置的链接是否符合白名单。如果不符合则不允许设置。

see ueberdosis/tiptap#5160

How to test it?

测试在 iframe 中的 src 输入 javascript: alert("1") 时是否会触发 javascript

Does this PR introduce a user-facing change?

处理默认编辑器中 iframe 标签的 src 属性可能存在的风险

[ruibaby]

/lgtm

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.08%. Comparing base (5fdf6c0) to head (9bbf701).
Report is 271 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #6150      +/-   ##
============================================
- Coverage     56.91%   55.08%   -1.83%     
- Complexity     3319     3490     +171     
============================================
  Files           587      635      +48     
  Lines         18968    21388    +2420     
  Branches       1401     1496      +95     
============================================
+ Hits          10795    11781     +986     
- Misses         7594     9002    +1408     
- Partials        579      605      +26     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[guqing]

/lgtm

[JohnNiang]

/approve

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ui/OWNERS [JohnNiang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment