Stored XSS on Share-popup of a directory's Gallery-view

Hi, Nice with the program launch! Congrats! I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under "Nextcloud Files": {F99938} If your directory has a malicious name such as a HTML-payload: `<img src=x onerror=alert(1)>`, this HTML will run when clicking on the Share-icon: {F99937} I see that you have a proper CSP in place, but remember that Internet Explorer is not there yet: {F99939} Also, since any user could create files, a user could potentially execute this for an admin (if that admin is not using a CSP-supported browser that is). Let me know if you need more information. Regards, Frans