XSS in origin/save

Save code now is vulnerable to XSS attack.

Steps to reproduce-

Remove the validation from client side (with dev tools)

https://github.com/%3Cscript%3Ealert(document.domain);%3C/script%3E

We should add more validations at the server side to prevent such urls from entering into the database.

Migrated from T1690 (view on Phabricator)