Potential XSS vuln in DropLab
DropLab's templating is currently vuln to XSS. Luckily the places we're using it are likely to have their responses scrubbed, but we should make sure we fix the templating.
Now droplab is part of gitlab, we can just use underscore templating for this.