
Question: How do I prevent HTML in labels?

Open robv8r opened this issue 2 years ago • 0 comments

How do I prevent users from adding HTML to a Form Field Label?

There's a configuration option called disableHTMLLabels. The description of the configuration option states that it "Disables HTML labels." Setting this value to true or false has no effect on adding HTML to labels.

The CodePen on the disableHTMLLabels page allows you to create hyperlinks in a field's label.

To recreate the issue:

  1. Visit the disableHTMLLabels documentation page.
  2. In the CodePen, drag a Form Field onto the Form Builder.
  3. Edit the label by clicking the Pencil icon.
  4. Change the value to `<a href="https://www.microsoft.com" target="blank">Autocomplete</a>`.
  5. Click "Close".
  6. Click the Label that was just modified.
  7. A new tab opens showing Microsoft's webpage.

The preferred behavior would be to either disallow HTML in the label or escape the HTML so it isn't rendered as HTML.

If I'm missing something, I'd be grateful if someone could educate me.

robv8r, Aug 17 '22 22:08
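
One way to get the escaping behaviour requested above, as an added example that is not part of the original issue and is not formBuilder's own code. It assumes the form definition is available as an array of field objects with a string `label`; the function names and sample field names are hypothetical.

```javascript
// Added example: neutralise markup in the labels of a form definition.
// Assumed shape: an array of field objects, each with a string `label`.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True when the label holds something a browser would parse as a tag.
function containsMarkup(label) {
  return /<\/?[a-zA-Z!][^>]*>/.test(String(label));
}

// Returns a new field list with escaped labels, plus the fields that held markup
// so they can be logged or rejected instead of silently rewritten.
function sanitizeLabels(fields) {
  const flagged = [];
  const clean = fields.map((field, index) => {
    if (typeof field.label !== 'string') return { ...field };
    if (containsMarkup(field.label)) {
      flagged.push({ index, name: field.name, label: field.label });
    }
    return { ...field, label: escapeHtml(field.label) };
  });
  return { clean, flagged };
}

// Constructed sample: the second label is the value from step 4 of the report.
const sampleFields = [
  { type: 'text', name: 'text-1', label: 'First name' },
  { type: 'autocomplete', name: 'autocomplete-1',
    label: '<a href="https://www.microsoft.com" target="blank">Autocomplete</a>' },
  { type: 'header', name: 'header-1', label: 'Terms & Conditions' },
];

const result = sanitizeLabels(sampleFields);
console.log(JSON.stringify(result, null, 2));
```

Apply the escape exactly once, at the point where a stored label is handed to code that inserts it as HTML; running it twice double-encodes `&`, and a consumer that writes labels as plain text would show the entities literally.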