Fabric.js XSS via Gradient ColorStops in toSVG()
What changed
A Cross-Site Scripting (XSS) vulnerability was discovered in Fabric.js where the `color` field in `fabric.Gradient.colorStops` is not properly escaped during SVG serialization via `toSVG()`, allowing injection of arbitrary HTML/SVG.
Who it affects
Applications using Fabric.js that allow user-controlled input in gradient color values and render the generated SVG string into the DOM without sanitization.
What to do today
Update Fabric.js to a patched version once one is available, or sanitize the SVG string returned by toSVG() before inserting it into the DOM.
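As an added example (not Fabric.js code and not from the advisory), the following shows two defender-side controls an application can apply regardless of the library version: a strict allowlist check on colour values before they are handed to a gradient's colorStops, and attribute escaping when SVG markup is built from those values. It assumes colour stops have the shape { offset, color }; the advisory names only the color field, so the offset field and its [0, 1] range are assumptions, and the names isSafeColor, validateColorStops, escapeSvgAttr and stopsToSvg are hypothetical.

```javascript
// Added example, not Fabric.js's own code. Assumed stop shape:
// { offset: number in [0, 1], color: string }.

// Allowlist grammar for CSS colour values. Anything else (markup, quotes,
// stray attributes) is rejected before it can reach fabric.Gradient.colorStops.
const HEX_COLOR = /^#(?:[0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})$/i;
const FUNC_COLOR =
  /^(?:rgb|rgba|hsl|hsla)\(\s*[\d.%]+(?:\s*[,\s]\s*[\d.%]+){2}(?:\s*[,/]\s*[\d.%]+)?\s*\)$/i;
// Named colours: letters only (e.g. red, transparent). A full CSS name list
// would be stricter still; this constructed pattern is the minimal allowlist.
const NAMED_COLOR = /^[a-z]{3,20}$/i;

function isSafeColor(value) {
  if (typeof value !== 'string') return false;
  const v = value.trim();
  return HEX_COLOR.test(v) || FUNC_COLOR.test(v) || NAMED_COLOR.test(v);
}

// Validates a whole colorStops array. Returns a cleaned copy, or throws on
// the first bad entry so the caller can reject the request outright.
function validateColorStops(stops) {
  if (!Array.isArray(stops)) throw new TypeError('colorStops must be an array');
  return stops.map((stop, i) => {
    if (!isSafeColor(stop.color)) {
      throw new Error(`colorStops[${i}].color rejected: not a CSS colour`);
    }
    const offset = Number(stop.offset);
    if (!(offset >= 0 && offset <= 1)) {
      throw new Error(`colorStops[${i}].offset must be in [0, 1]`);
    }
    return { offset, color: stop.color.trim() };
  });
}

// Second, independent layer: escape a value before placing it in an SVG/XML
// attribute so it cannot close the attribute or open a new element.
function escapeSvgAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Renders <stop> elements the way a gradient serializer would, with every
// colour validated and escaped. Constructed for illustration; not toSVG().
function stopsToSvg(stops) {
  return validateColorStops(stops)
    .map((s) => `<stop offset="${s.offset}" stop-color="${escapeSvgAttr(s.color)}"/>`)
    .join('');
}

// Constructed sample input.
const sampleStops = [
  { offset: 0, color: '#ff0000' },
  { offset: 0.5, color: 'rgba(0, 128, 255, 0.5)' },
  { offset: 1, color: 'blue' },
];
console.log(stopsToSvg(sampleStops));
```

Run the validation at the trust boundary (where user input is accepted), and keep the escaping in any code path that assembles SVG text by hand; the two layers are independent, so a gap in one does not remove the other.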
Source
GitHub Advisory · fabric