nextcloud-drawio
Check for stored XSS vulnerability in draw.io < 18.0.0
Versions of draw.io prior to 18.0.0 are susceptible to the stored XSS attack described at https://huntr.dev/bounties/033d3423-eb05-4b53-a747-1bfcba873127/ if they do not have an appropriate CSP to block unsafe-inline script.
I don't know if this project bundles draw.io, but if it does I would test against the test case and update to 18.0.0 if found to be susceptible.
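A defender-side check for the two conditions this issue names (a bundled draw.io older than 18.0.0 and a CSP that does not stop inline script), added here as an example; it is not part of the original issue or of the nextcloud-drawio project. The version strings and CSP header values are constructed inputs, and the directive fallback order it assumes is the CSP Level 3 one (script-src-elem, then script-src, then default-src).

```python
import re

FIXED_VERSION = (18, 0, 0)  # draw.io release that fixes the reported stored XSS
# Directives a browser consults, in order, to decide whether an inline <script> may run.
_SCRIPT_FALLBACK = ("script-src-elem", "script-src", "default-src")
_NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.IGNORECASE)


def parse_version(version):
    """Turn '17.4.2' (or '18.0', '18.0.0-rc1') into a 3-tuple of ints."""
    parts = []
    for piece in version.strip().split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def version_is_affected(version):
    """True for any draw.io release older than 18.0.0."""
    return parse_version(version) < FIXED_VERSION


def parse_csp(header):
    """Parse a Content-Security-Policy header into {directive: [sources]}.
    Browsers honour only the first occurrence of a duplicated directive."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def blocks_inline_script(header):
    """True if the policy stops inline <script> blocks from executing."""
    policy = parse_csp(header)
    sources = next((policy[n] for n in _SCRIPT_FALLBACK if n in policy), None)
    if sources is None:
        return False  # nothing governs script, so inline script is unrestricted
    keywords = {s.lower() for s in sources}
    if "'unsafe-inline'" not in keywords:
        return True
    # 'unsafe-inline' is ignored when a nonce/hash source or 'strict-dynamic' is present.
    return "'strict-dynamic'" in keywords or any(_NONCE_OR_HASH.match(s) for s in sources)


def needs_update(version, csp_header):
    """Both conditions from the report: old draw.io AND no CSP blocking inline script."""
    return version_is_affected(version) and not blocks_inline_script(csp_header or "")
```

Pass the bundled draw.io version and the Content-Security-Policy header the deployment actually serves; a True result means the report's precondition applies and the bundled copy should be updated.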