XSS by setting external tracker URLs to uploaded html
Can we simply disable turbolinks for these sections using something like:
<div id="some-div" data-no-turbolink> <a href="/">Home (without Turbolinks)</a> </div>
edit: nevermind, it's a redirect.
MR with patched turbolinks: https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2048
This issue has been fixed in 8.15.4, 8.14.6, and 8.13.11.
closedToggle commit list
made the issue visible to everyoneToggle commit list