[reStructuredText] XSS in project README files
Medium
GitLab
Reported by: ysx
Vulnerability Details
Technical details and impact analysis
Hi,
While experimenting with parser bypass techniques, I discovered that reStructuredText markup can be used to inject a stored JavaScript payload into a project `README.rst` file.
## Steps to Reproduce
1. Create a new GitLab project
2. Initialise the project by creating a `README` file
3. Set the file title to `README.rst`
4. Paste the payload below into the file
5. Commit the file to the project and click on the link
## Proof of Concept Payload
```
`Security test link`__.
__ blocked:alert(document.domain)
```
Thanks!
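A defender-side check for the class of issue reported above, as an added example that is not part of the original report and is not GitLab's code: it scans reStructuredText for link targets and flags any whose URI scheme is outside an allowlist. The function names, the allowlist and the sample document are assumptions constructed for illustration.

```python
import re

# Assumption: only these schemes may appear in a rendered link.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# reStructuredText constructs that carry a link target:
#   __ target            anonymous target, short form (as in the report)
#   .. _name: target     named target; also matches the long form ".. __: target"
#   `text <target>`_     embedded target (one or two trailing underscores)
TARGET_PATTERNS = [
    re.compile(r"^[ \t]*__[ \t]+(?P<t>\S.*)$", re.M),
    re.compile(r"^[ \t]*\.\.[ \t]+_[^:\n]+:[ \t]*(?P<t>\S.*)$", re.M),
    re.compile(r"`[^`<]*<(?P<t>[^>`]+)>`__?"),
]

def link_scheme(target):
    """Return the lower-cased URI scheme of a link target, or None if relative."""
    # Drop whitespace and control characters first: browsers strip tabs and
    # newlines from URLs, so "java\tscript:" must not slip past the check.
    cleaned = "".join(ch for ch in target if ch > " " and ch != "\x7f")
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else None

def unsafe_targets(rst_text):
    """Return sorted (line, target, scheme) tuples for targets outside the allowlist."""
    findings = []
    for pattern in TARGET_PATTERNS:
        for m in pattern.finditer(rst_text):
            target = m.group("t").strip()
            scheme = link_scheme(target)
            if scheme is not None and scheme not in ALLOWED_SCHEMES:
                line = rst_text.count("\n", 0, m.start("t")) + 1
                findings.append((line, target, scheme))
    return sorted(findings)

# Constructed sample README.rst content (not taken from the report).
SAMPLE = """\
`Docs`__ and `Security test link`__.

__ https://docs.example.com/
__ JavaScript:void(0)

See `the guide <data:text/html,hello>`_ or `home`_.

.. _home: /index.html
"""

if __name__ == "__main__":
    for line, target, scheme in unsafe_targets(SAMPLE):
        print(f"line {line}: scheme '{scheme}' not allowed in target {target!r}")
```

A source-level scan like this suits pre-commit or CI review; the rendered HTML still needs its `href` values passed through a scheme allowlist, since that is where the link is actually emitted.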
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Generic