fix: improper neutralization of user input in image wrapping code

public/src/client/topic/images.js

@@ -26,8 +26,9 @@ define('forum/topic/images', [], function () {
 			const srcExt = src.split('.').slice(1).pop();
 			const altFilename = alt.split('/').pop();
 			const altExt = altFilename.split('.').slice(1).pop();
+
 			imageEl.wrap('<a href="' + src + '" ' +
-				(!srcExt && altExt ? ' download="' + altFilename + '" ' : '') +
+				(!srcExt && altExt ? ' download="' + utils.escapeHTML(altFilename) + '" ' : '') +
 				' target="_blank" rel="noopener">');
 		}
 	};