HTML tags in commit subject not escaped
Summary
When adding a commit whose subject contains HTML, that HTML is rendered in the MR view (possibly in other views as well).
Steps to reproduce
- Open a Merge Request for a new branch
- Add a commit to the branch, containing an HTML tag in the subject line (e.g.
<pre>
in the example below) - Push the branch
- Observe the discussion note created
Expected behavior
The html-escaped subject should be in the discussion note.
Relevant logs and/or screenshots
Observed in 8.6.1 (a96d737b)
For example, this was my commit subject line:
Used <pre> in frontend debug response field
And this was the result: