Removing malicious code from the name of a Stylesheet.

src/Umbraco.Web/UI/LegacyDialogHandler.cs

@@ -207,7 +207,7 @@ namespace Umbraco.Web.UI
 
             typeInstance.TypeID = typeId;
             typeInstance.ParentID = nodeId;
-            typeInstance.Alias = text;
+            typeInstance.Alias = text.CleanForXss();
 
             // check for returning url
             ITaskReturnUrl returnUrlTask = typeInstance as LegacyDialogTask;

src/Umbraco.Web/WebServices/SaveFileController.cs

@@ -243,7 +243,7 @@ namespace Umbraco.Web.WebServices
             // sanitize input - stylesheet names have no extension
             var svce = (FileService)Services.FileService;
 
-            filename = CleanFilename(filename);
+            filename = CleanFilename(filename.CleanForXss());
             oldName = CleanFilename(oldName);
 
             if (filename != oldName)