
XSS by setting external tracker URLs to uploaded HTML

Steps to reproduce

  1. Upload HTML file as attachment to any comment on a project
  2. Set up service, such as Redmine
  3. Set project URLs to uploaded HTML file's URL
  4. Enable and save service
  5. Click issues link on project
  6. Turbolinks will execute the file
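
A server-side check that would flag the configuration from steps 3 and 4 when the service is saved, as an added example that is not GitLab's own code or its fix: it classifies a configured tracker URL against the application's origin and rejects ones that resolve to same-origin upload paths. The `/uploads/` pattern, the function names and the hostnames are assumptions made for illustration.

```ruby
require 'uri'

# Assumed pattern for user-upload paths; adjust to the instance's real routes.
UPLOAD_PATH = %r{/uploads/}i

# Scheme, host and port, normalised for same-origin comparison.
def origin_of(uri)
  [uri.scheme.downcase, uri.host.downcase, uri.port]
end

# Classify a configured tracker URL relative to the application's own origin.
# Returns :external, :same_origin, :same_origin_upload or :invalid.
def classify_tracker_url(raw, app_origin, upload_path = UPLOAD_PATH)
  uri = URI.parse(raw.to_s.strip)
  # Only absolute http(s) URLs are acceptable (rejects javascript:, relative paths).
  return :invalid unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
  return :external unless origin_of(uri) == origin_of(URI.parse(app_origin))

  # Decode percent-escapes so an encoded path segment cannot slip past the pattern.
  path = URI.decode_www_form_component(uri.path.to_s)
  path.match?(upload_path) ? :same_origin_upload : :same_origin
rescue URI::InvalidURIError, ArgumentError
  :invalid
end

if __FILE__ == $0
  app = 'https://gitlab.example.com' # constructed instance origin
  # Constructed sample values, not taken from the report.
  [
    'https://redmine.example.net/projects/demo/issues',
    'https://gitlab.example.com/group/proj/uploads/abc123/page.html',
    'HTTPS://GitLab.Example.com:443/group/proj/%75ploads/abc123/page.html',
    'https://gitlab.example.com/group/proj/issues',
    'javascript:alert(1)'
  ].each { |u| puts "#{classify_tracker_url(u, app)}\t#{u}" }
end
```

A validator like this only covers the configuration side; serving uploaded files so that they are not rendered as same-origin HTML addresses the other half of the chain.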
