NocoDB Shared Form XSS via redirect_url
What changed
The shared form-view submit handler writes the form's `redirect_url` to `window.location.href` after a same-host check that does not validate the URL scheme. A user with editor role can plant a `javascript:` URL; when an authenticated viewer submits the form, the payload executes in the NocoDB origin and can read the session token from `localStorage["nocodb-gui-v2"]`.
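The kind of check a patched submit handler needs, as an added example (not NocoDB's own code): the redirect target is parsed with the WHATWG `URL` API, only `http:`/`https:` schemes are accepted, and the origin must match the form page's own origin, which is assumed to be passed in as `pageOrigin`. A host comparison by itself says nothing about the scheme, so the scheme is tested explicitly.

```javascript
// Added example, not NocoDB's code. Validates a form's redirect_url before
// it is assigned to window.location.href. Assumes `pageOrigin` is the origin
// the shared form is being served from (e.g. "https://nocodb.example").
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns a normalised absolute URL that is safe to navigate to, or null.
function safeRedirectUrl(redirectUrl, pageOrigin) {
  if (typeof redirectUrl !== "string" || redirectUrl.trim() === "") {
    return null;
  }
  let parsed;
  try {
    // Relative paths ("/thanks") resolve against the page's own origin;
    // absolute URLs keep their own scheme and host.
    parsed = new URL(redirectUrl, pageOrigin);
  } catch {
    return null; // unparsable input is never navigated to
  }
  // Reject javascript:, data:, vbscript: and anything else that is not a
  // web URL. URL lowercases the scheme, so "JavaScript:" is caught too.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return null;
  }
  // Same-origin only: this also rejects "//other.host/path" style inputs,
  // which resolve to a different host.
  if (parsed.origin !== new URL(pageOrigin).origin) {
    return null;
  }
  return parsed.href;
}

// Usage in a submit handler: only navigate when a safe URL came back.
function redirectAfterSubmit(redirectUrl, pageOrigin, navigate) {
  const target = safeRedirectUrl(redirectUrl, pageOrigin);
  if (target !== null) {
    navigate(target); // e.g. (href) => { window.location.href = href; }
    return true;
  }
  return false;
}
```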
Who it affects
All NocoDB instances where shared forms are used. Attackers with editor role on any base can craft a form that executes JavaScript in the context of any authenticated viewer who submits the form, potentially stealing session tokens.
What to do today
Update NocoDB to the latest patched version, which validates the URL scheme of `redirect_url` before redirecting. If a patched version is not yet available, disable shared forms or restrict the editor role to trusted users.