Relative links in Vulnerability modal not clickable

When we fixed https://gitlab.com/gitlab-org/gitlab-ce/issues/52551 I dis-allowed the links in the modal to be relative. This breaks the links to files for us. Now links to files are not clickable:

Relevant code: ee/app/assets/javascripts/vue_shared/components/is_safe_url.js

Possible solutions:

Allow relative URLs

Group Security Dashboard

The Group Security Dashboard does not have the data exposed yet. Mainly there is no field provided by backend which we could use to link to the exact commit of the file. Proposal:

Expose a field which contains:

"#{project_path}/blob/#{commit_ref_of_pipeline}/#{file_path}\##L{line_start}-{line_end}. As per discussion with @gonzoyumo this field should be named something like blob_path and be located in vulnerability.location

Security Reports (MR, Pipeline, Project)

The Data is available in the Frontend (blob_path, file path), needs to be concatenated

Edited Mar 28, 2019 by Lukas Eipert