Add html_escape to some externalized strings
What does this MR do and why?
Related to #374091 (comment 1108087305). Instead of html_safe (marks a string as trusted), use html_escape (sanitizes strings) on externalized strings to improve security.
Screenshots or screen recordings
No visual changes
How to set up and validate locally
- Visit the modified pages:
  - <gitlab>/-/profile/gpg_keys
    - Sample GPG key
-----BEGIN PGP PUBLIC KEY BLOCK----- mDMEWZz/eRYJKwYBBAHaRw8BAQdAbEtu3px60L3UMgZK2uU7FRUDCaz4v+1uHTkK PGu2LQy0HnRlc3QgbmFtZSA8dGVzdGVtYWlsQHRlc3QuY29tPoiQBBMWCgA4FiEE 0+eu7gj8Pykrh9fQTupXY000+ZMFAlmc/3kCGwMFCwkIBwMFFQoJCAsFFgIDAQAC HgECF4AACgkQTupXY000+ZNnXwEAnUIBdOIZS1GAA6Qua3XhqI8MBeRO5cLTm1Li em2SjsAA/0m/ggFo8A0kCKOtx//dsThLG7fP+txlNv1yNRQhTtEM =CtOq -----END PGP PUBLIC KEY BLOCK-----
  - <group>/-/settings/access_tokens
  - <group>/-/settings/ci_cd
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
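
The difference between marking an externalized string as trusted and escaping it, as an added example that is not code from this MR or from GitLab. `SafeString`, `mark_safe`, `escape` and the two `label_with_*` helpers are hypothetical stand-ins built on the Ruby standard library, and the translated string is constructed sample data.

```ruby
require 'erb'

# Simplified stand-in for a Rails-style safe buffer (assumption: this models
# the behaviour for illustration; it is not ActiveSupport::SafeBuffer).
class SafeString < String
  # Interpolation keeps the result safe by escaping every argument that is
  # not already a SafeString.
  def %(args)
    cleaned = args.transform_values do |v|
      v.is_a?(SafeString) ? v : ERB::Util.html_escape(v.to_s)
    end
    SafeString.new(super(cleaned))
  end
end

# Analogue of html_safe: trust the string exactly as it is.
def mark_safe(str)
  SafeString.new(str)
end

# Analogue of html_escape: escape first, then treat the result as safe.
def escape(str)
  SafeString.new(ERB::Util.html_escape(str))
end

# Constructed sample: a translated string that carries markup of its own.
TRANSLATED = 'Revoke <script>x</script> %{name}? %{link_start}Docs%{link_end}'
LINK = { link_start: mark_safe('<a href="/help">'), link_end: mark_safe('</a>') }

# Before: interpolate into the raw translation, then mark everything trusted.
def label_with_html_safe(name)
  mark_safe(TRANSLATED % LINK.merge(name: name))
end

# After: escape the translation; only the developer-written link stays markup.
def label_with_html_escape(name)
  escape(TRANSLATED) % LINK.merge(name: name)
end

puts label_with_html_safe('<b>tok</b>')
puts label_with_html_escape('<b>tok</b>')
```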