Don't allow text injection in our 404 page
We got a report on HackerOne by sumitthehacker:
i want to report a text injection and a misconfiguration of the 404 page
the bug exists at :
https://www.torproject.org/test/%2f../It%20has%20been%20changed%20by%20a%20new%20one%20https://www.Attacker.com%20so%20go%20to%20the%20new%20one%20since%20this%20one
as you can see attacker text is included
"It has been changed by a new one https://www.attacker.com so go to the new one since this one was not found on this server."
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information