Cross site scripting vulnerability fixed on pixeldrain.com

Last Monday (4th of december) pixeldrain.com was patched with a security fix. The vulnerability was only in the front-end, your files were not at risk.

Here's what changed:

• XSS vulnerability fixed on file viewer page. File names and descriptions containing javascript would be executed.
• XSS vulnerability fixed on the list viewer page. List names and descriptions containing javascript would be executed.

Escape characters (&, ", < and >) will now be turned into HTML entities before being displayed.

Thanks to user Hangyi for privately disclosing these issues to me through reddit, and giving me time to fix the vulnerability before it became publicly known.