
fix(designer-ui): Prevent certain malicious HTML from executing in raw HTML editor #4554

Closed

Conversation

ek68794998 (Contributor) commented Apr 5, 2024

Note: I have tests for this, but they will be added in a follow-up PR once this fix rolls out.

[Targeting 2.X and 3.X versions as needed. Main PR is #4553.]

Please check if the PR fulfills these requirements:
  • The commit message follows our guidelines
  • Tests for the changes have been added (for bug fixes/features)
  • Docs have been added / updated (for bug fixes / features)

What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
Bug fix [security]

What is the current behavior? (You can also link to an open issue here)
Certain maliciously crafted payloads, if provided into the raw HTML editor, may permit XSS attacks. Please ping me directly if there are questions about specifics.

What is the new behavior (if this is a feature change)?
Use of DOMParser instead of document.createElement prevents malicious HTML from being executed.

Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)
No

Please include screenshots or videos of the intended change:
Not included as this is a security fix.
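The pattern this PR describes, shown as an added example rather than the designer-ui project's own code: parsing untrusted markup into a live element via document.createElement + innerHTML lets inline handlers run during parsing, while DOMParser builds a separate inert document. The helper names, the constructed sample payload and the simple script/handler stripping step are assumptions for illustration; the stripping is not a complete sanitizer.

```javascript
// Added example (not code from the designer-ui project): inert parsing of
// untrusted HTML with DOMParser, contrasted with the live-parse pattern.

// UNSAFE pattern (kept only for comparison): innerHTML on an element created
// by document.createElement parses into the live document. Even while the
// element is detached, <img src=x onerror=...> starts loading and its
// onerror handler executes.
function parseHtmlLive(html) {
  const div = document.createElement('div');
  div.innerHTML = html; // inline handlers such as onerror fire here
  return div;
}

// SAFE pattern: DOMParser produces a separate, inert document. Scripting is
// disabled and no subresources load, so nothing in the markup executes.
function parseHtmlInert(html) {
  if (typeof DOMParser === 'undefined') {
    // No inert parser in this runtime (e.g. plain Node): refuse rather than
    // fall back to innerHTML.
    return null;
  }
  return new DOMParser().parseFromString(html, 'text/html').body;
}

// Inertness lasts only until nodes are moved into the live document, so
// drop <script> elements and inline on* handlers before importing them.
function stripActiveContent(root) {
  for (const el of Array.from(root.querySelectorAll('*'))) {
    if (el.tagName === 'SCRIPT') { el.remove(); continue; }
    for (const attr of Array.from(el.attributes)) {
      if (/^on/i.test(attr.name)) el.removeAttribute(attr.name);
    }
  }
  return root;
}

// Number of inline event-handler attributes remaining in a subtree.
function countHandlerAttributes(root) {
  let n = 0;
  for (const el of root.querySelectorAll('*')) {
    for (const attr of el.attributes) if (/^on/i.test(attr.name)) n++;
  }
  return n;
}

// Constructed sample payload (assumed): would call alert() if parsed live.
const SAMPLE = '<p>hi</p><img src="x" onerror="alert(1)"><script>alert(2)</script>';
```

In a browser, `parseHtmlLive(SAMPLE)` triggers the onerror handler, whereas `stripActiveContent(parseHtmlInert(SAMPLE))` yields a body with the paragraph and image but no script and no handler attributes.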

ek68794998 (Contributor, Author) commented:

Closing as we'll be taking a slightly different fix for 3.X versions.
