From 7db97c68046a06b233f0be1906b10c085134fd91 Mon Sep 17 00:00:00 2001
From: Stephen Abello <stephen.abello@combodo.com>
Date: Thu, 2 Dec 2021 10:40:18 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B03835=20Upload=20file=20name=20security?=
 =?UTF-8?q?=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 templates/base/components/input/file-select/layout.js.twig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/base/components/input/file-select/layout.js.twig b/templates/base/components/input/file-select/layout.js.twig
index 1171bf679d..bfc223b2b6 100644
--- a/templates/base/components/input/file-select/layout.js.twig
+++ b/templates/base/components/input/file-select/layout.js.twig
@@ -3,6 +3,7 @@
 {% if oUIBlock.GetShowFilename() %}
     $('#{{ oUIBlock.GetId() }}').bind('change', function() {
         var fileName = $(this).val().replace(/^.*[\\\/]/, '');
+        fileName = $('<div/>').text(fileName).html();
         $('#{{ oUIBlock.GetId() }}-file-name').html(fileName);
     });
 {%  endif %}
\ No newline at end of file