Fix #3497: Invalid DText denial of service attack.

app/helpers/application_helper.rb

@@ -51,10 +51,12 @@ module ApplicationHelper
 
   def format_text(text, **options)
     raw DTextRagel.parse(text, **options)
+  rescue DTextRagel::Error => e
+    raw ""
   end
 
   def strip_dtext(text)
-    raw(DTextRagel.parse_strip(text))
+    format_text(text, strip: true)
   end
 
   def error_messages_for(instance_name)

app/presenters/wiki_page_presenter.rb

@@ -9,10 +9,6 @@ class WikiPagePresenter
     wiki_page.body
   end
 
-  def blurb
-    DTextRagel.parse_strip(excerpt.to_s)
-  end
-
   # Produce a formatted page that shows the difference between two versions of a page.
   def diff(other_version)
     pattern = Regexp.new('(?:<.+?>)|(?:[0-9_A-Za-z\x80-\xff]+[\x09\x20]?)|(?:[ \t]+)|(?:\r?\n)|(?:.+?)')

app/views/posts/index.html.erb

@@ -72,7 +72,7 @@
     <%= content_tag :link, nil, rel: "prev", href: prev_page_url %>
   <% end %>
   <% if @post_set.has_wiki? %>
-    <meta name="description" content="<%= @post_set.wiki_page.presenter.blurb %>">
+    <meta name="description" content="<%= strip_dtext(@post_set.wiki_page.presenter.excerpt) %>">
   <% else %>
     <meta name="description" content="<%= Danbooru.config.description %>">
   <% end %>

app/views/wiki_pages/show.html.erb

@@ -44,7 +44,7 @@
 <% end %>
 
 <% content_for(:html_header) do %>
-  <meta name="description" content="<%= @wiki_page.presenter.blurb %>"></meta>
+  <meta name="description" content="<%= strip_dtext(@wiki_page.presenter.excerpt) %>"></meta>
 <% end %>
 
 <%= render "secondary_links" %>

test/helpers/application_helper_test.rb

@@ -0,0 +1,14 @@
+require "test_helper"
+
+class ApplicationHelperTest < ActionView::TestCase
+  context "The application helper" do
+    context "format_text method" do
+      should "not raise an exception for invalid DText" do
+        dtext = "* a\n" * 513
+
+        assert_nothing_raised { format_text(dtext) }
+        assert_equal("", format_text(dtext))
+      end
+    end
+  end
+end