From a6a30e7bc96cd2081707388046c0259870533da6 Mon Sep 17 00:00:00 2001
From: fuzegit <fuze@instantcms.ru>
Date: Wed, 16 Aug 2023 01:01:03 +0300
Subject: [PATCH] Fix file field xss

---
 templates/modern/js/files.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/modern/js/files.js b/templates/modern/js/files.js
index a3aa6bb5a..3d8e921fb 100755
--- a/templates/modern/js/files.js
+++ b/templates/modern/js/files.js
@@ -6,7 +6,7 @@ icms.files = (function ($) {
 
     this.onDocumentReady = function(){
         $('.custom-file-input').on('change',function(){
-            $(this).next('.custom-file-label').html($(this).val().replace('C:\\fakepath\\', ''));
+            $(this).next('.custom-file-label').text($(this).val().replace('C:\\fakepath\\', ''));
         });
     };