billboard.js is vulnerable to XSS during chart option binding

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...