diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index b50930676..3174261a9 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -414,8 +414,16 @@ module ApplicationHelper
end
def format_activity_description(text)
- h(text.to_s.truncate(240).gsub(%r{[\r\n]*<(pre|code)>.*$}m, '...')).
- gsub(/[\r\n]+/, "
").html_safe
+ h(
+ # Limit input to avoid regex performance issues
+ text.to_s.slice(0, 10240)
+ # Abbreviate consecutive quoted lines as '> ...', keeping the first line
+ .gsub(%r{(^>.*?(?:\r?\n))(?:>.*?(?:\r?\n)+)+}m, "\\1> ...\n")
+ # Remove all content following the first
or tag
+ .sub(%r{[\r\n]*<(pre|code)>.*$}m, '')
+ # Truncate the description to a specified length and append '...'
+ .truncate(240)
+ ).gsub(/[\r\n]+/, "
").html_safe
end
def format_version_name(version)
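Review bot: The `m` flag on the quote-abbreviation pattern at `.gsub(%r{(^>.*?(?:\r?\n))(?:>.*?(?:\r?\n)+)+}m, "\\1> ...\n")` lets `.*?` extend across line boundaries when the second group fails, so a quoted line that is followed by ordinary reply text and then another quoted line is merged into one run: `"> a\nplain\n> b\n"` becomes `"> a\nplain\n> ...\n"`, dropping the first line of the second quote, and that same lazy extension is what makes the pattern's cost grow with the number of `>` lines times the input length, which the 10240-character slice above only caps rather than removes. Limiting each quoted line to a single physical line makes the match unambiguous and linear while preserving the blank-line case the new test covers: `.gsub(%r{(^>[^\r\n]*(?:\r?\n)+)(?:>[^\r\n]*(?:\r?\n)+)+}, "\\1> ...\n")` (`^` stays line-anchored in Ruby without `m`). The new test in application_helper_test.rb only exercises quote runs separated by blank lines; a case with a non-blank line between two quoted lines would pin whichever behaviour is intended. The slice is still worth keeping as defence in depth, and its comment should say that it bounds the cost of the patterns below rather than being a display limit, e.g. `# Bound regex work below; truncate(240) sets the visible length`.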
diff --git a/test/helpers/application_helper_test.rb b/test/helpers/application_helper_test.rb
index 9f2eb8405..31c87daea 100644
--- a/test/helpers/application_helper_test.rb
+++ b/test/helpers/application_helper_test.rb
@@ -2329,6 +2329,35 @@ class ApplicationHelperTest < Redmine::HelperTest
end
end
+ def test_format_activity_description_should_strip_quoted_text
+ text = <<~TEXT
+ John Smith wrote in #note-1:
+ > The quick brown fox
+ > jumps over the lazy dog.
+
+ Brick quiz whangs jumpy veldt fox.
+
+ > The five
+
+ > boxing wizards
+
+ > jump quickly.
+
+ The quick onyx goblin jumps over the lazy dwarf.
+ TEXT
+
+ expected =
+ 'John Smith wrote in #note-1:
' \
+ '> The quick brown fox
' \
+ '> ...
' \
+ 'Brick quiz whangs jumpy veldt fox.
' \
+ '> The five
' \
+ '> ...
' \
+ 'The quick onyx goblin jumps over the lazy dwarf.
'
+
+ assert_equal expected, format_activity_description(text)
+ end
+
private
def wiki_links_with_special_characters