Merge branch 'security-fix-uri-xss-applications-11-3' into 'security-11-3'
[11.3] Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols See merge request gitlab/gitlabhq!2581
[11.3] Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols See merge request gitlab/gitlabhq!2581