authorGitLab Bot <gitlab-bot@gitlab.com>2021-06-30 11:43:14 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-06-30 11:43:21 +0000
commit16fa5cf183d9f59a66c1e258ce36cd3f09c8d3fd (patch)
treeb1662c1ee4766bba9d71cf2dc06204ab281a4d11 /app/models
parent33e4d44c11427a31ada41e7a0757d35f03d62ce7 (diff)
Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
Diffstat (limited to 'app/models')
-rw-r--r--app/models/user.rb11
1 files changed, 11 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 5fbd6271589..3879eb51371 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1257,12 +1257,23 @@ class User < ApplicationRecord
end
def sanitize_attrs
+ sanitize_links
+ sanitize_name
+ end
+
+ def sanitize_links
%i[skype linkedin twitter].each do |attr|
value = self[attr]
self[attr] = Sanitize.clean(value) if value.present?
end
end
+ def sanitize_name
+ return unless self.name
+
+ self.name = self.name.gsub(%r{</?[^>]*>}, '')
+ end
+
def set_notification_email
if notification_email.blank? || all_emails.exclude?(notification_email)
self.notification_email = email