As a contributor, create a blank form and add custom html field with the following content in the "Text" tab of the field editor:
<p>Some description about this section</p><p><iframe srcdoc="<script>alert(document.cookie)</script>"></iframe></p>
Do not decode the payload. And please ensure that payload is added when editor has Text tab selected. Save the form, it will trigger xss payload.