swarmcity / sc-boardwalk

NO LONGER ACTIVE, current development of dApp in SwarmCitySite

javascript injection validation #289

Closed sophiii closed 7 years ago

sophiii commented 7 years ago

Environment

ALL

Actual behavior:

Should dereference JavaScript characters so that attackers cannot inject JavaScript.

Expected behavior:

Should scan dereference XSS before upload and when the name is downloaded again.

Steps to reproduce the problem:

  1. Change user name to <script> alert("xss") <\script>
  2. Go to user profile and you will see the text
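
The two checks the issue asks for (on upload and again when the name is displayed), as an added example that is not sc-boardwalk code. The helper names, the character allowlist and the 32-character limit are assumptions chosen for illustration.

```javascript
'use strict';
// Added example: hypothetical helpers, not taken from the sc-boardwalk code base.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Output encoding: applied every time a stored name is placed into HTML,
// because stored data may predate the upload check or come from another client.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Upload check. NFKC normalization runs first so that look-alike forms such as
// fullwidth '<' are folded to ASCII before the allowlist is tested.
// Allowlist and length limit are assumptions, not project rules.
function validateUsername(name) {
  if (typeof name !== 'string') return { ok: false, reason: 'not a string' };
  const trimmed = name.normalize('NFKC').trim();
  if (trimmed.length < 1 || trimmed.length > 32) {
    return { ok: false, reason: 'length' };
  }
  if (!/^[\p{L}\p{N} ._-]+$/u.test(trimmed)) {
    return { ok: false, reason: 'characters' };
  }
  return { ok: true, value: trimmed };
}

// Display path: the name is encoded even if it already passed validateUsername.
function renderProfileName(storedName) {
  return `<span class="profile-name">${escapeHtml(storedName)}</span>`;
}

// Constructed sample input: the name from the reproduction step in the issue.
const sampleName = '<script> alert("xss") <\\script>';

console.log(validateUsername(sampleName));   // rejected on upload
console.log(renderProfileName(sampleName));  // shown as inert text if already stored
```

In DOM code, assigning the name through `textContent` gives the same output encoding without a hand-written escaper.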