Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Open mpushki opened this issue 3 years ago • 0 comments

After checking my application, I was faced with this problem: (onFileDrop)="dropped($event)" (more information about it here)

<tbody class="upload-name-style">
    <tr *ngFor="let item of files; let i=index">
        <td><strong>{{ item.relativePath }}</strong></td>
    </tr>
</tbody>

embeds untrusted data in the generated output with relativePath. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

Have you ever had to deal with such a check?

mpushki, Sep 29 '21 12:09
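A triage sketch for this kind of scanner finding, added here as an example and not part of the original issue or of ngx-file-drop: it classifies where a field such as relativePath reaches the page. Angular escapes values bound with {{ }} interpolation and sanitizes [innerHTML] bindings, while direct DOM writes and bypassSecurityTrust* calls skip both; the function name, rule labels and CONTRAST lines are constructed for illustration.

```typescript
// Added example: rule names and sample inputs are assumptions, not project code.
type SinkKind = "escaped-text" | "sanitized-html" | "raw-dom" | "sanitizer-bypass" | "other";
interface Finding { line: number; kind: SinkKind; text: string; }

// Ordered most dangerous first, so a line matching several rules gets the worst label.
const RULES: Array<[SinkKind, (f: string) => RegExp]> = [
  ["sanitizer-bypass", f => new RegExp(`bypassSecurityTrust\\w+\\s*\\([^)]*${f}`)],
  ["raw-dom", f => new RegExp(
    `(\\.(innerHTML|outerHTML)\\s*=|insertAdjacentHTML\\s*\\(|document\\.write\\s*\\()[^;]*${f}`)],
  ["sanitized-html", f => new RegExp(`\\[(innerHTML|outerHTML)\\]\\s*=\\s*"[^"]*${f}`)],
  ["escaped-text", f => new RegExp(`\\{\\{[^}]*${f}[^}]*\\}\\}`)],
];

// Report every line of template or component source that mentions `field`,
// labelled with the output context the value ends up in.
function classifySinks(source: string, field: string): Finding[] {
  const f = field.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // escape for use in a RegExp
  const findings: Finding[] = [];
  const lines = source.split("\n");
  for (let i = 0; i < lines.length; i++) {
    if (lines[i].indexOf(field) === -1) continue;
    let kind: SinkKind = "other";
    for (let r = 0; r < RULES.length; r++) {
      if (RULES[r][1](f).test(lines[i])) { kind = RULES[r][0]; break; }
    }
    findings.push({ line: i + 1, kind: kind, text: lines[i].trim() });
  }
  return findings;
}

// The template from the issue above.
const TEMPLATE = `<tbody class="upload-name-style">
    <tr *ngFor="let item of files; let i=index">
        <td><strong>{{ item.relativePath }}</strong></td>
    </tr>
</tbody>`;

// Constructed contrast lines showing the contexts that deserve a closer look.
const CONTRAST = [
  `<td [innerHTML]="item.relativePath"></td>`,
  `cell.innerHTML = item.relativePath;`,
  `this.html = this.sanitizer.bypassSecurityTrustHtml(item.relativePath);`,
].join("\n");

console.log(classifySinks(TEMPLATE, "relativePath"), classifySinks(CONTRAST, "relativePath"));
```
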