Self XSS at translation page through Editor Link at demo.weblate.org

User input is not sanitized properly at Editor link causing self xss. **Steps to reproduce** 1) Navigate to https://demo.weblate.org/accounts/profile/#preferences 2) Provide Editor link as javaScript:alert(document.cookie);//confirm(1); and click on Save 3) Navigate to English Translation page of the project at https://demo.weblate.org/translate/hello/master/en_GB/?type=all 4) Click on the main.c under Source Information 5) Self XSS executes showing user cookie Mitigation: Proper server side filtering of user input