core/file copy paste filename should be escaped

[timotheemoulin]

Description

When adding a new block core/file and editing the file name from Gutenberg, we are allowed to copy/paste HTML instead of text.

Here for example, I copied a link from a web page and my browser (Chrome, Edge) copied the full HTML and not only the text of the link.
When I paste it in my file block, the full HTML is pasted instead of the text.

Step-by-step reproduction instructions

• Create a new Gutenberg page
• Add a file block
• Upload any kind of document (media library or upload)
• Copy a link from any web page
• Paste it as the file "text"
• Save the page and reload
• The block is now broken because it is not supposed to have link inside the "text" attribute

Screenshots, screen recording, code snippet

Here is the block after pasting the HTML link instead of text.

<!-- wp:file {"id":840,"href":"https://my-website.localhost/files/my-file.pdf"} -->
<div class="wp-block-file"><a id="wp-block-file--media-9053007f-ff4e-4ed5-a41b-0c522ca93c8c" href="https://my-website.localhost/files/my-file.pdf" target="_blank" rel="noreferrer noopener"><a rel="nofollow" style="box-sizing: border-box; background-color: rgb(13, 17, 23); color: var(--fgColor-accent, var(--color-accent-fg)); font-family: -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, &quot;Noto Sans&quot;, Helvetica, Arial, sans-serif, &quot;Apple Color Emoji&quot;, &quot;Segoe UI Emoji&quot;; font-size: 14px; white-space-collapse: collapse;" href="https://hackerone.com/wordpress">https://hackerone.com/wordpress</a></a><a href="https://my-website.localhost/files/my-file.pdf" class="wp-block-file__button wp-element-button" download aria-describedby="wp-block-file--media-9053007f-ff4e-4ed5-a41b-0c522ca93c8c">Télécharger</a></div>
<!-- /wp:file -->

Environment info

No response

Please confirm that you have searched existing issues in the repo.

Yes

Please confirm that you have tested with all plugins deactivated except Gutenberg.

Yes