-
Disallow the `name` attribute on all user-provided markup · d230224fRobert Speicher authored
A malicious user was able to do something like <img src="" name="getElementById"> to override the `document.getElementById` method, which would result in JavaScript errors being thrown. See https://gitlab.com/gitlab-org/gitlab-ce/issues/36104
d230224f
×