Fix code scanning alert no. 8: Cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: velo

feign-form/pom.xml

@@ -30,6 +30,11 @@
 
   <name>Open Feign Forms Core</name>
   <dependencies>
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-text</artifactId>
+      <version>1.12.0</version>
+    </dependency>
     <dependency>
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>

feign-form/src/test/java/feign/form/Server.java

@@ -28,6 +28,7 @@
 import java.io.IOException;
 import java.util.Collection;
 import java.util.List;
+import org.apache.commons.text.StringEscapeUtils;
 import lombok.val;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.http.HttpStatus;
@@ -166,8 +167,9 @@ public ResponseEntity<String> uploadUnknownType(@RequestPart("file") MultipartFi
   @PostMapping(path = "/upload/form_data", consumes = MULTIPART_FORM_DATA_VALUE)
   public ResponseEntity<String> uploadFormData(@RequestPart("file") MultipartFile file) {
     val status = file != null ? OK : I_AM_A_TEAPOT;
+    String sanitizedFilename = StringEscapeUtils.escapeHtml4(file.getOriginalFilename());
     return ResponseEntity.status(status)
-        .body(file.getOriginalFilename() + ':' + file.getContentType());
+        .body(sanitizedFilename + ':' + file.getContentType());
   }
 
   @PostMapping(path = "/submit/url", consumes = APPLICATION_FORM_URLENCODED_VALUE)