naming a group with an ampersand seems to silently fail

Summary

When trying to name a (sub-)group (haven't tried it with a top-level group), and the new name includes an ampersand (& character), hitting the "Save Group" button, the web-ui acts like the operation took place succcessfully (no error is thrown), but the actual change seems to be silently discarded.

Steps to reproduce

As a project owner (unclear if it works as simply a maintainer/developer/etc), go to Settings -> General.. Expand the General (first) section, enter new field named "Group Name", where it contains an ampersand. Click the "Save Group" button. Verify the change has been made.

What is the current bug behavior?

The change does not take effect, but the user is not notified this will be the case, leading them to believe this operation was performed successfully

What is the expected correct behavior?

Group has the new name.

Results of GitLab environment info

Expand for output related to GitLab environment info

System information System: Current User: git Using RVM: no Ruby Version: 2.4.5p335 Gem Version: 2.7.6 Bundler Version:1.16.2 Rake Version: 12.3.1 Redis Version: 3.2.12 Git Version: 2.18.1 Sidekiq Version:5.2.1 Go Version: unknown

GitLab information Version: 11.4.7 Revision: 98f8423 Directory: /data/gitlab/opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: https://gitlab HTTP Clone URL: https://gitlab/some-group/some-project.git SSH Clone URL: git@gitlab:some-group/some-project.git Using LDAP: yes Using Omniauth: yes Omniauth Providers:

GitLab Shell Version: 8.3.3 Repository storage paths:

default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git

Possible reason

Without delving into the code, it may be related to the fact that the ampersand character is unique with regard to HTML entities using it to begin encoded characters (such as '>' being used to encode a > character).