Output improperly sanitized

[bramz]

Describe the bug
Some characters are being rendered allowing uploaded content to inject or render data on the page.

To Reproduce
http://cdn.paste.click/ZJ2qGKLleIoaDRRbkVp5GQ

Expected behavior
Should render simple plain text with all characters properly escaped/sanitized.

Screenshots
https://cdn.discordapp.com/attachments/523599882162929664/549847817078702080/unknown.png

[ncatelli]

We should probably just add a rule to the readHandler. We are essentially just pulling the mimetype from the stored object. I can do a hotfix for this and then a subsequent better fix to add minimal rules to objects for filtering.