GitLab: Persistent XSS in Note objects

Summary: Some cache invalidation and project import logic issues enable an attacker to import a project with XSS payloads in places like MR discussions and similar places where a Note object exists. Description: There are basically 3 issues causing the XSS here: All attributes of Note objects are...