fix: mitigate "sequential @import chaining" vulnerability (#5616)

* `test/e2e-cypress/tests/features/xss/` -> `test/e2e-cypress/tests/security`

* add tests

* filter <style> tags out of Markdown fields

* initialize OAuth inputs without applying `value` attribute

test/e2e-cypress/tests/security/oauth2.js

@@ -0,0 +1,23 @@
+describe("XSS: OAuth2 authorizationUrl sanitization", () => {
+  it("should filter out a javascript URL", () => {
+    cy.visit("/?url=/documents/security/xss-oauth2.yaml")
+      .window()
+      .then(win => {
+        let args = null
+        const stub = cy.stub(win, "open", (...callArgs) => {
+          args = callArgs
+        }).as("windowOpen")
+
+        cy.get(".authorize")
+          .click()
+          .get(".modal-btn.authorize")
+          .click()
+          .wait(100)
+          .then(() => {
+            console.log(args)
+            expect(args[0]).to.match(/^about:blank/) 
+          })
+
+      })
+  })
+})