From 9e5eb2da0824250b066fd06e85f9d133d6ef6796 Mon Sep 17 00:00:00 2001
From: Lucas Bach Bisgaard
Date: Sat, 10 Feb 2024 01:50:03 +0100
Subject: [PATCH] Remove clean xss from datatype name and alias. (#15552)

* Remove clean xss from datatype name and alias.
* Edit / and \ to the exclusions argument
* Forgot to escape the backslash
---------
Co-authored-by: Lucas Bach Bisgaard
---
 src/Umbraco.Web.BackOffice/Filters/DataTypeValidateAttribute.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Umbraco.Web.BackOffice/Filters/DataTypeValidateAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/DataTypeValidateAttribute.cs
index c20061b973..165b5dbd6a 100644
--- a/src/Umbraco.Web.BackOffice/Filters/DataTypeValidateAttribute.cs
+++ b/src/Umbraco.Web.BackOffice/Filters/DataTypeValidateAttribute.cs
@@ -45,7 +45,7 @@ internal sealed class DataTypeValidateAttribute : TypeFilterAttribute
 var dataType = (DataTypeSave?)context.ActionArguments["dataType"];
 if (dataType is not null)
 {
- dataType.Name = dataType.Name?.CleanForXss('[', ']', '(', ')', ':');
+ dataType.Name = dataType.Name?.CleanForXss('[', ']', '(', ')', ':', '/', '\\');
 dataType.Alias = dataType.Alias == null
 ? dataType.Name!
 : dataType.Alias.CleanForXss('[', ']', '(', ')', ':');
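Review bot: The alias fallback on the trailing context lines now diverges from the explicit-alias path: when `dataType.Alias` is null it takes `dataType.Name`, which after this change may keep `/` and `\`, while a supplied alias is still cleaned with only `'[', ']', '(', ')', ':'` exempted. If aliases are meant to stay free of path separators, clean the fallback with the alias list, e.g. `? dataType.Name?.CleanForXss('[', ']', '(', ')', ':')!`, or state in a comment that the difference is intended. Going by the commit message, the arguments are characters exempted from cleaning (the `CleanForXss` definition is outside the hunk), so this loosens input-side filtering of the name; a short comment such as `// '/' and '\\' are allowed in data type names; every view that renders Name must output-encode it` would record that the name now relies on encoding at render time. The enclosing method starts and ends outside the hunk.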