Issues description created from vulnerabilities is escaped twice
Summary
When creating Issues from Vulnerabilities, the description is escaped twice.
Steps to reproduce
- Find a Vulnerability with HTML code in the description (`message`). Example: `This is a <br /> test`
- Create an issue from this vulnerability
- The Issue description is `This is a <br /> test`
Example Project
https://gitlab.com/gitlab-org/gitlab/-/issues/336942
Note that the title has the same original content, and renders correctly.
What is the current bug behavior?
The description is escaped twice, altering the original content.
What is the expected correct behavior?
Original content. Issue descriptions are already escaped anyway.
Output of checks
This bug happens on GitLab.com
Edited by Philippe Lafoucrière
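The double escaping reported above, as an added example that is not GitLab's code: the renderer is modeled as a plain HTML escape (an assumption), and `issue_description_buggy`, `issue_description_fixed`, `render`, `displayed` and `round_trips?` are hypothetical names. It also shows a regression check that holds even when the original text legitimately contains entities.

```ruby
require "cgi/escape"

# Assumed model of the output boundary: whatever is stored gets HTML-escaped
# exactly once when the issue description is rendered.
def render(stored)
  CGI.escapeHTML(stored)
end

# Buggy path: the vulnerability message is escaped while the issue is built,
# so the renderer later escapes it a second time.
def issue_description_buggy(message)
  CGI.escapeHTML(message)
end

# Fixed path: store the original text and leave escaping to the renderer.
def issue_description_fixed(message)
  message
end

# What a reader sees: the browser decodes entities once when displaying text.
def displayed(html)
  CGI.unescapeHTML(html)
end

# Regression check: decoding the rendered HTML once must give back the
# original message. Double escaping breaks this invariant, and the check
# does not misfire on messages that already contain text such as "&lt;".
def round_trips?(message, html)
  displayed(html) == message
end

MESSAGE = "This is a <br /> test" # example value from the report

if __FILE__ == $PROGRAM_NAME
  {
    "buggy" => issue_description_buggy(MESSAGE),
    "fixed" => issue_description_fixed(MESSAGE)
  }.each do |label, stored|
    html = render(stored)
    puts "#{label}: html=#{html.inspect} shown=#{displayed(html).inspect} " \
         "ok=#{round_trips?(MESSAGE, html)}"
  end
end
```
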