Merge pull request #3498 from evazion/fix-3497

Fix #3497: Invalid DText denial of service attack

app/helpers/application_helper.rb

@@ -51,10 +51,12 @@ module ApplicationHelper
 
   def format_text(text, **options)
     raw DTextRagel.parse(text, **options)
+  rescue DTextRagel::Error => e
+    raw ""
   end
 
   def strip_dtext(text)
-    raw(DTextRagel.parse_strip(text))
+    format_text(text, strip: true)
   end
 
   def error_messages_for(instance_name)

app/presenters/wiki_page_presenter.rb

@@ -9,10 +9,6 @@ class WikiPagePresenter
     wiki_page.body
   end
 
-  def blurb
-    DTextRagel.parse_strip(excerpt.to_s)
-  end
-
   # Produce a formatted page that shows the difference between two versions of a page.
   def diff(other_version)
     pattern = Regexp.new('(?:<.+?>)|(?:[0-9_A-Za-z\x80-\xff]+[\x09\x20]?)|(?:[ \t]+)|(?:\r?\n)|(?:.+?)')

app/views/posts/index.html.erb

@@ -72,7 +72,7 @@
     <%= content_tag :link, nil, rel: "prev", href: prev_page_url %>
   <% end %>
   <% if @post_set.has_wiki? %>
-    <meta name="description" content="<%= @post_set.wiki_page.presenter.blurb %>">
+    <meta name="description" content="<%= strip_dtext(@post_set.wiki_page.presenter.excerpt) %>">
   <% else %>
     <meta name="description" content="<%= Danbooru.config.description %>">
   <% end %>

app/views/wiki_pages/show.html.erb

@@ -44,7 +44,7 @@
 <% end %>
 
 <% content_for(:html_header) do %>
-  <meta name="description" content="<%= @wiki_page.presenter.blurb %>"></meta>
+  <meta name="description" content="<%= strip_dtext(@wiki_page.presenter.excerpt) %>"></meta>
 <% end %>
 
 <%= render "secondary_links" %>