From d8eaa5f9c4920cfda303c1568f6b20da9149af0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Miko=C5=82ajczyk?= <adrian1207@gmail.com>
Date: Mon, 10 May 2021 15:21:03 +0200
Subject: [PATCH] HTML encoding in file control

---
 src/Controls/File.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controls/File.php b/src/Controls/File.php
index fd7bfde..ef0182d 100644
--- a/src/Controls/File.php
+++ b/src/Controls/File.php
@@ -57,7 +57,7 @@ public function render()
                 'title' => trans('fluentform::controls.file.delete')
             ]));
             $content .= ' ';
-            $content .= '<a href="'.$value.'" target="_blank">'.basename($value).'</a>';
+            $content .= '<a href="'.$this->html()->encode($value).'" target="_blank">'.basename($this->html()->encode($value)).'</a>';
             $content .= '</div>';
         }