GitLab: Stored XSS on issue comments and other pages which contain notes
Summary

This report contains two XSS sanitization bypasses:

The SyntaxHighlightFilter creates HTML from unsanitized data. This can be used to bypass the XSS filter on the server-side.

```ruby
def highlight_node(node)
  ...
  sourcepos = node.parent.attr('data-sourcepos')
  ...
  sourcepos_attr = sourcepos ?...
```
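The following is an added example, not GitLab's code and not part of the original report. It shows why building an attribute from an unescaped `data-sourcepos` value is unsafe and how validating and escaping the value closes the gap. It assumes the value is interpolated into an HTML string after sanitization has already run; all helper names and sample values are hypothetical.

```ruby
require 'erb'

# Hypothetical helpers, not GitLab's implementation.
# Assumption: the attribute value is placed into a hand-built HTML string.

# CommonMark sourcepos looks like "1:1-3:3". \A and \z anchor the whole string,
# so a valid prefix followed by extra text (or a newline) does not pass.
SOURCEPOS_FORMAT = /\A\d+:\d+-\d+:\d+\z/

# Weak pattern: the value is interpolated as-is.
def sourcepos_attr_unsafe(sourcepos)
  return '' if sourcepos.nil?
  "data-sourcepos=\"#{sourcepos}\""
end

# Better: escape the value so it cannot leave the quoted attribute.
def sourcepos_attr_escaped(sourcepos)
  return '' if sourcepos.nil?
  "data-sourcepos=\"#{ERB::Util.html_escape(sourcepos)}\""
end

# Best: accept only a well-formed sourcepos range, and escape anyway.
def sourcepos_attr_safe(sourcepos)
  return '' unless sourcepos.is_a?(String) && SOURCEPOS_FORMAT.match?(sourcepos)
  sourcepos_attr_escaped(sourcepos)
end

# Naive check: names of the double-quoted attributes present in a fragment.
def attribute_names(fragment)
  fragment.scan(/([\w-]+)="[^"]*"/).flatten
end

# Constructed sample values. The second closes the quote and adds a
# harmless extra attribute to make the context break visible.
BENIGN  = '1:1-3:3'
CRAFTED = '1:1-3:3" data-extra="x'

if __FILE__ == $PROGRAM_NAME
  [BENIGN, CRAFTED].each do |value|
    puts "input:   #{value.inspect}"
    puts "unsafe:  #{attribute_names(sourcepos_attr_unsafe(value)).inspect}"
    puts "escaped: #{attribute_names(sourcepos_attr_escaped(value)).inspect}"
    puts "safe:    #{sourcepos_attr_safe(value).inspect}"
  end
end
```

With the unsafe helper the crafted value yields two attributes instead of one, which is the sign that data placed in the markup after sanitization has escaped its intended context.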