Merge pull request from GHSA-fr2w-mp56-g4xp

* Enforce file download for attachments table(s)

* Enforce file download for attachment in 'StockItemTestResult' table

InvenTree/templates/js/translated/attachment.js

@@ -228,7 +228,7 @@ function loadAttachmentTable(url, options) {
 
                         var html = `<span class='fas ${icon}'></span> ${filename}`;
 
-                        return renderLink(html, value);
+                        return renderLink(html, value, {download: true});
                     } else if (row.link) {
                         var html = `<span class='fas fa-link'></span> ${row.link}`;
                         return renderLink(html, row.link);

InvenTree/templates/js/translated/stock.js

@@ -1358,7 +1358,8 @@ function loadStockTestResultsTable(table, options) {
                     var html = value;
 
                     if (row.attachment) {
-                        html += `<a href='${row.attachment}'><span class='fas fa-file-alt float-right'></span></a>`;
+                        var text = `<span class='fas fa-file-alt float-right'></span>`;
+                        html += renderLink(text, row.attachment, {download: true});
                     }
 
                     return html;

InvenTree/templates/js/translated/tables.js

@@ -184,6 +184,13 @@ function renderLink(text, url, options={}) {
 
     var max_length = options.max_length || -1;
 
+    var extra = '';
+
+    if (options.download) {
+        var fn = url.split('/').at(-1);
+        extra += ` download='${fn}'`;
+    }
+
     // Shorten the displayed length if required
     if ((max_length > 0) && (text.length > max_length)) {
         var slice_length = (max_length - 3) / 2;
@@ -194,7 +201,7 @@ function renderLink(text, url, options={}) {
         text = `${text_start}...${text_end}`;
     }
 
-    return '<a href="' + url + '">' + text + '</a>';
+    return `<a href='${url}'${extra}>${text}</a>`;
 }