This repository was archived by the owner on Dec 14, 2023. It is now read-only.
This repository was archived by the owner on Dec 14, 2023. It is now read-only.
Fix usage of files/dirs with script based names #989
Open
Description
Describe the bug
Create a file with name that's potentially XSS, eg <script>alert(1)<Xscript> - can open and save it fine, but in some places it's used (eg last 10 files, tab name, multiple results etc) it has problems displaying.
To Reproduce
Steps to reproduce the behavior:
- Create a file called
<script>alert(1)<Xscript>with any content and save - Reload ICEcoder to see error
- It will also error in other places.
Expected behavior
Handle it just as per any other file.
Additional context
It may not be executable JS, but the first part is still parsed, so needs resolving.