XSS git config with alert
ZD: https://gitlab.zendesk.com/agent/tickets/19595
Reproduced: https://gitlab.com/balameb/sample-two
Description
Fun alert when using git config --global user.email 'my@email.com" onmouseover="alert(1)'. After pushing any changes, navigate to the specific commit in GitLab (or main project page) and hover over your username; the alert gets displayed.
There might be some other locations where the git username/email gets displayed, but I suppose your knowledge of where exactly is bigger than mine in that regard (already checked on project->graphs, but since < and > IS filtered out I couldn't get anything to display there).
/cc @DouweM
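
The report's observation (angle brackets filtered, yet the value still breaks out of a quoted attribute) can be reproduced with the added example below. It is not GitLab's code; the renderer and helper names are hypothetical, and the email is the value from the report.

```ruby
require "erb"

# Sample input: the author email quoted in the report above.
EMAIL = %q(my@email.com" onmouseover="alert(1))

# Hypothetical weak filter: removes only < and >, so quotes pass through.
def strip_angle_brackets(value)
  value.delete("<>")
end

# Hypothetical vulnerable renderer: interpolates into a quoted attribute
# after the weak filter. A double quote in the value ends the attribute.
def render_author_weak(email)
  %(<a class="commit-author" title="#{strip_angle_brackets(email)}">author</a>)
end

# Hardened renderer: HTML-escapes the value (& < > " ') before it is
# placed in the attribute, so the quote stays data.
def render_author_escaped(email)
  %(<a class="commit-author" title="#{ERB::Util.html_escape(email)}">author</a>)
end

# Lists the attribute names on the opening <a> tag, which is what decides
# whether the commit email managed to add an event handler.
def attribute_names(html)
  tag = html[/<a\b[^>]*>/]
  tag.scan(/([a-zA-Z-]+)\s*=\s*"[^"]*"/).flatten
end

# Check usable in a view spec: no attribute beyond the expected ones.
def injected_attributes(html, expected = %w[class title])
  attribute_names(html) - expected
end

if $PROGRAM_NAME == __FILE__
  puts "weak:    #{attribute_names(render_author_weak(EMAIL)).inspect}"
  puts "escaped: #{attribute_names(render_author_escaped(EMAIL)).inspect}"
end
```
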