Merge remote-tracking branch 'origin/dev-v7' into temp8

# Conflicts:
#	src/Umbraco.Core/StringExtensions.cs
#	src/Umbraco.Web/UI/LegacyDialogHandler.cs
#	src/Umbraco.Web/WebServices/SaveFileController.cs

src/Umbraco.Core/StringExtensions.cs

@@ -187,7 +187,6 @@ namespace Umbraco.Core
                 outputArray[i] = char.IsLetterOrDigit(inputArray[i]) ? inputArray[i] : replacement;
             return new string(outputArray);
         }
-
         private static readonly char[] CleanForXssChars = "*?(){}[];:%<>/\\|&'\"".ToCharArray();
 
         /// <summary>

src/Umbraco.Tests/Strings/StringExtensionsTests.cs

@@ -75,6 +75,17 @@ namespace Umbraco.Tests.Strings
             Assert.AreEqual(stripped, result);
         }
 
+        [TestCase("'+alert(1234)+'", "+alert1234+")]
+        [TestCase("'+alert(56+78)+'", "+alert56+78+")]
+        [TestCase("{{file}}", "file")]
+        [TestCase("'+alert('hello')+'", "+alerthello+")]
+        [TestCase("Test", "Test")]
+        public void Clean_From_XSS(string input, string result)
+        {
+            var cleaned = input.CleanForXss();
+            Assert.AreEqual(cleaned, result);
+        }
+
         [TestCase("This is a string to encrypt")]
         [TestCase("This is a string to encrypt\nThis is a second line")]
         [TestCase("    White space is preserved    ")]