-
Disallow the `name` attribute on all user-provided markup · 31628907Robert Speicher authored
A malicious user was able to do something like <img src="" name="getElementById"> to override the `document.getElementById` method, which would result in JavaScript errors being thrown. See https://gitlab.com/gitlab-org/gitlab-ce/issues/3610431628907
×