diff --git a/src/views/Files/FilesPage.vue b/src/views/Files/FilesPage.vue
index 8b4a52b..b796683 100644
--- a/src/views/Files/FilesPage.vue
+++ b/src/views/Files/FilesPage.vue
@@ -486,6 +486,7 @@ import {
   deleteFileModal,
   reallyDeleteInformation,
 } from "@/module/alertModal.js";
+import { escapeHtml } from "@/utils/escapeHtml.js";
 
 const router = useRouter();
 
@@ -761,7 +762,7 @@ async function deleteFile(type, id, name, source) {
         default:
           break;
       }
-      const content = `<li>[${i.type}] ${i.name}</li>`;
+      const content = `<li>[${escapeHtml(i.type)}] ${escapeHtml(i.name)}</li>`;
       srt += content;
     });
   }
@@ -790,7 +791,7 @@ function showReallyDelete() {
           break;
       }
 
-      const content = `<li>[${file.type}] ${file.name}</li>`;
+      const content = `<li>[${escapeHtml(file.type)}] ${escapeHtml(file.name)}</li>`;
       srt += content;
     });
   }
diff --git a/src/views/Upload/UploadPage.vue b/src/views/Upload/UploadPage.vue
index 6a41c33..f472480 100644
--- a/src/views/Upload/UploadPage.vue
+++ b/src/views/Upload/UploadPage.vue
@@ -330,7 +330,7 @@ function getTextWidth(text, e) {
   const processedText = text.replace(/ /g, "\u00a0");
   const hiddenSpan = document.createElement("span");
 
-  hiddenSpan.innerHTML = processedText;
+  hiddenSpan.textContent = processedText;
   hiddenSpan.style.font = window.getComputedStyle(e).font;
   hiddenSpan.style.visibility = "hidden";
   document.body.appendChild(hiddenSpan);