
XSS in origin/save

The save code is currently vulnerable to an XSS attack.

Steps to reproduce:

Remove the client-side validation (with dev tools).

Enter this URL in the origin URL field:

https://github.com/%3Cscript%3Ealert(document.domain);%3C/script%3E

We should add more validation on the server side to prevent such URLs from entering the database.


Migrated from T1690 (view on Phabricator)
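The server-side check the report asks for, as an added example that is not the project's own code: it parses the submitted origin URL, decodes percent-encoding once so `%3Cscript%3E` is judged as `<script>`, and only accepts an `https` URL on an assumed host allowlist whose path is exactly `owner/repo`. The allowlist, the length limit and the `render_origin` helper are assumptions for this example.

```python
import re
from html import escape
from urllib.parse import urlsplit, unquote

# Assumed allowlist of code-hosting origins (adjust for the deployment).
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"github.com", "gitlab.com"}
# A repository path is "/owner/repo", optionally ending in ".git" or "/".
REPO_PATH_RE = re.compile(r"^/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(?:\.git)?/?$")


def validate_origin_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason). Run on the server before the value is stored."""
    if len(url) > 512:
        return False, "too long"
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    try:
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed port"
    if parts.username or parts.password or port:
        return False, "credentials or port not allowed"
    if parts.hostname is None or parts.hostname.lower() not in ALLOWED_HOSTS:
        return False, "host not allowed"
    if parts.query or parts.fragment:
        return False, "query or fragment not allowed"
    # Decode percent-encoding once; anything still containing '%', '<', '>'
    # or extra segments fails the owner/repo pattern below.
    path = unquote(parts.path)
    if not REPO_PATH_RE.match(path):
        return False, "path is not owner/repo"
    return True, "ok"


def render_origin(url: str) -> str:
    """Output-side escaping as defence in depth, even for stored values."""
    return '<a href="{0}">{0}</a>'.format(escape(url, quote=True))


if __name__ == "__main__":
    # Constructed inputs: a benign origin and the URL from the report.
    for u in ("https://github.com/octocat/Hello-World",
              "https://github.com/%3Cscript%3Ealert(document.domain);%3C/script%3E"):
        print(u, validate_origin_url(u))
```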
