Browser notifications don't correctly escape HTML (#589458) · Issues · GitLab.org / GitLab

Browser notifications don't correctly escape HTML

<details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=589458) </details>   ### Summary When I have an MR with `<>` in it, like "Something with std::unique_ptr\<int\>", it is escaped incorrectly in the Windows/Chrome browser notification popup when it changes status, so I see it as roughly "Something with std::unique_ptr & lt ; int & gt ;" in the popup window. ### Steps to reproduce Make an MR with `<>` in the title on Windows with Chrome, enable notifications, and kick off CI. Note that the popup shows raw HTML for the `<>`. ### What is the current _bug_ behavior? The popup shows "Something with std::unique_ptr& lt ; int & gt ;" (except without the extra spaces -- I had to add them so this WYSIWYG Markdown entry window doesn't turn them into \<\>s. ### What is the expected _correct_ behavior? The popup shows "Something with std::unique_ptr\<int\>". ### Relevant logs and/or screenshots I'll attach one if I catch it. The popup only stays for a moment. ### Output of checks      #### Results of GitLab environment info  <details> <summary>Expand for output related to GitLab environment info</summary> <pre> (For installations with omnibus-gitlab package run and paste the output of: \\\\\\\\\\\\\\\`sudo gitlab-rake gitlab:env:info\\\\\\\\\\\\\\\`) (For installations from source run and paste the output of: \\\\\\\\\\\\\\\`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production\\\\\\\\\\\\\\\`) </pre> </details> #### Results of GitLab application Check  <details> <summary>Expand for output related to the GitLab application check</summary> <pre> (For installations with omnibus-gitlab package run and paste the output of: \\\\\\\`sudo gitlab-rake gitlab:check SANITIZE=true\\\\\\\`) (For installations from source run and paste the output of: \\\\\\\`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true\\\\\\\`) (we will only investigate if the tests are passing) </pre> </details> ### Possible fixes Check with Little [Bobby Tables](https://xkcd.com/327/). Fix the escaping. ### Patch release information for backports If the bug fix needs to be backported in a [patch release](https://handbook.gitlab.com/handbook/engineering/releases/patch-releases) to a version under [the maintenance policy](https://docs.gitlab.com/policy/maintenance/), please follow the steps on the [patch release runbook for GitLab engineers](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/engineers.md). Refer to the [internal "Release Information" dashboard](https://dashboards.gitlab.net/d/delivery-release_info/delivery3a-release-information?orgId=1) for information about the next patch release, including the targeted versions, expected release date, and current status. #### High-severity bug remediation To remediate high-severity issues requiring an [internal release](https://handbook.gitlab.com/handbook/engineering/releases/internal-releases/) for single-tenant SaaS instances, refer to the [internal release process for engineers](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/internal-releases/engineers.md?ref_type=heads).

issue