fix: CWE-79: Cross-Site Scripting & CWE-732: Insecure File Permissions

fix: CWE-79: Cross-Site Scripting & CWE-732: Insecure File Permissions #167