Prevent HTML injection through filenames

This commit is contained in:
Stanko K.R.
2026-03-16 17:50:31 +01:00
parent 4211e20a66
commit 8f6fca94fa
@@ -15,7 +15,7 @@ export default class extends Controller {
}
#showFileName() {
this.fileNameTarget.innerHTML = this.#file.name
this.fileNameTarget.innerText = this.#file.name
this.fileNameTarget.removeAttribute("hidden")
this.placeholderTarget.setAttribute("hidden", true)
}