WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.