Unescape and sanitize protected tag name on create and update
What does this MR do and why?
The frontend escapes the names of tags when listing the names in the dropdown. It also submits the escaped name as the tag to protect when creating a protected tag.
To fix it, we unescape and sanitize the name so it matches the appropriate tag name to be protected.
Same fix as https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/1953 but intentionally fixing this in canonical based on https://gitlab.com/gitlab-org/gitlab/-/issues/346618#note_744644199.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Create a protected tag named
tag->name
with "No One" allowed to create. - As any user, create a tag with
tag->name
, it should fail since it's protected.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #346618