Fix usage of files/dirs with script based names

Question

Fix usage of files/dirs with script based names

mattpass opened this issue 3 years ago · 0 comments

Describe the bug
Create a file with name that's potentially XSS, eg <script>alert(1)<Xscript> - can open and save it fine, but in some places it's used (eg last 10 files, tab name, multiple results etc) it has problems displaying.

To Reproduce
Steps to reproduce the behavior:

Create a file called <script>alert(1)<Xscript> with any content and save
Reload ICEcoder to see error
It will also error in other places.

Expected behavior
Handle it just as per any other file.

Additional context
It may not be executable JS, but the first part is still parsed, so needs resolving.