add security e2e test

cypress/integration/security.spec.js

@@ -0,0 +1,16 @@
+/* global cy */
+import { editorVisible } from '../support'
+
+describe('security', () => {
+  it('should not alert from bg query parameter', () => {
+    const stub = cy.stub()
+    cy.on('window:alert', stub)
+
+    // https://github.com/carbon-app/carbon/issues/192
+    cy.visit(`?bg=rgba(171, 184, 195, 1)</style><img src="" onerror="alert('xss')" /><!--`)
+
+    editorVisible()
+
+    expect(stub).not.to.be.called
+  })
+})