BUG: Closing `</script>` tag not escaped for script properties

GrapesJS version

• I confirm to use the latest version of GrapesJS

What browser are you using?

Chrome Version 107.0.5304.122 (64-bit)

Reproducible demo link

https://jsfiddle.net/j5khz1gm/

Describe the bug

How to reproduce the bug?

1. Create a custom component type with the following default properties:

   {
     someText: "<\/script><svg onload='alert(1)'>",
     "script-props": ["someText"],
     script: function() {
       this.innerHTML = "";
     }
   }
   

2. Add the custom component to the canvas

3. Get the page HTML with editor.getHtml()

4. Insert the HTML into a div outside of the editor

What is the expected behavior? Expected the closing script tag to be escaped in the generated HTML. No alert dialog should appear.

What is the current behavior? The script tag is not escaped. The svg tag is displayed in the document. Using the code below in a local HTML file will always execute alert(1). For whatever reason, the alert dialog does not always appear in JSFiddle.

If is necessary to execute some code in order to reproduce the bug, paste it here below:

<link rel="stylesheet" href="https://unpkg.com/grapesjs/dist/css/grapes.min.css">
<script src="https://unpkg.com/grapesjs"></script>
<div id="grapes"></div>
<div id="html"></div>
<script>
  const editor = grapesjs.init({
    container: "#grapes",
    fromElement: true,
    storageManager: false
  });

  editor.DomComponents.addType("my-component", {
    model: {
      defaults: {
        someText: "<\/script><svg onload='alert(1)'>",
        "script-props": ["someText"],
        script: function() {
          this.innerHTML = "";
        }
      }
    }
  });

  editor.on("load", () => {
    editor.addComponents({
      type: "my-component"
    });
    document.getElementById("html").innerHTML = editor.getHtml();
  });
</script>

Code of Conduct

• I agree to follow this project's Code of Conduct