HTML tags in title updates are sometimes not escaped

Summary

HTML tags in title updates are sometimes not escaped.

Steps to reproduce

1. Create an issue with HTML tags in the title, e.g. “Support tags <a> and <b>”.
2. Update the title with more tags, e.g. “Support the tags <a>, <i>, and <b>”.

Example Project

See here, which is the project where I've noticed that behaviour.

What is the current bug behavior?

The update note thingy will not escape the tags, leading to broken mark-up.

What is the expected correct behavior?

The update note thingy properly escapes tags.

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com.

Possible fixes

Escape the title in the update note thingy.