There may be situations where you would like to embed external media such as videos or other web-based html into your forms. This type of embedding can expose your forms to XSS vulnerabilities within your application.
To safely embed HTML, apply the Form.io Santize Config within your application settings. This code is a security mechanism that removes unsafe and potentially malicious content from raw HTML strings before presenting them to the end-user. Below is an example of applying the Sanitize Configuration to an embedded form within the application code. The video embed URL was applied to the Content component on the form level.