From f6fda79c58343eca1fd9c732334d7640ff1786df Mon Sep 17 00:00:00 2001 From: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com> Date: Wed, 24 Nov 2021 11:58:47 -1000 Subject: [PATCH] Explain GetRandomFileName /2 (#24058) --- aspnetcore/blazor/file-uploads.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aspnetcore/blazor/file-uploads.md b/aspnetcore/blazor/file-uploads.md index ac34db172a..54fbea2feb 100644 --- a/aspnetcore/blazor/file-uploads.md +++ b/aspnetcore/blazor/file-uploads.md @@ -359,6 +359,8 @@ public class FilesaveController : ControllerBase } ``` +In the preceding code, is called to generate a secure filename. Never trust the filename provided by the browser, as an attacker may choose an existing filename that overwrites an existing file or send a path that attempts to write outside of the app. + ## File streams ::: zone pivot="webassembly"
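Review bot: In the added paragraph, the first sentence reads "In the preceding code, is called to generate a secure filename", with nothing before "is called". Going by the commit subject, the method meant is GetRandomFileName, so the sentence should name it explicitly, as inline code or an API reference. If the name was written as a link or reference token, check that it renders in the published page. In the second added sentence, "choose an existing filename that overwrites an existing file" repeats itself and could read "choose the name of an existing file to overwrite it". "Secure filename" is also vague: the point the paragraph makes is that the stored name is generated by the server rather than taken from the browser, and saying so directly would make the guidance easier to apply.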