Disallow data-links
Dev: https://dev.gitlab.org/gitlab/gitlabhq/issues/2652#note_68246
Description
When using links as [click this link](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
an external HTML page is served with body . This is not an XSS issue and there is no vulnerability associated as the JS is not executed in the scope of GitLab and doesn't have access to its cookies but it make it worth disallowing data-links.