Bug/59374 regression missing commit message comments in work packages after upgrade to 1501

[jjabari-op]

Ticket

59374

What are you trying to accomplish?

• Revisions (Commits in a referenced repo) are not rendered in the new activity tab
• this PR brings back this functionalilty

Screenshots

• Revisions with unmapped user:

• Revisions with mapped user:

What approach did you choose and why?

• the replaced angular activity tab implementation merged journals and revisions/commits (called changesets in our data model)
• the new primerized implementation only rendered "proper" journals
• this PR adds the implementation of merging journals and changesets
• this PR tries to bring back the revision/changeset rendering with as little effort as possible (as this seems to be a niche feature, see comments below)

Open questions/limitations:

• the replaced angular implementation calculated IDs and therefore links for the changesets as well
• the implementation in this PR does not calculate IDs for the revisions and thus cannot provide links for these "activities" (see screenshot)
  • in the angular implementation the changesets would have gotten 109 and 110 and the later journals 111 and 112
  • in the primerized implementation, the changesets do not get an ID and the later journals get 109 and 110
  • thus the IDs of activities of older work_packages and the links to them will be broken
• I cannot recommend to go down the path of adding the complexity in order to get the same ID mechanism as before
• As far as I understood, this feature is barely used and might be removed in the future - Adding complexity and effort seems not to be appropriate in this context IMO
• Additionally the polling will not pick up the latest changesets - only after a reload the changesets will be visible

Steps to test locally

• First, enable the repository module in a project
• Then go to Project Settings -> Repository
• Select your repository type (Git/SVN)
• Fill in the repository URL (e.g. init a git repo right next to the OP folder and enter ../testrepo/.git)
• Create a commit message, reference a work package using #N (where N is the work package ID)
• Sync the repo manually in the rails console repo = Repository.first; puts "Found repo: #{repo.inspect}"; repo&.fetch_changesets
  (- Optionally map an OP user (User button in the repo config page))
• The commit(s) should appear in the work package's activity tab as seen in the attached screenshot

[jjabari-op]

@wielinde I need your feedback on my open questions mentioned above. thank you!

To fix the problem, we should ensure that all potentially dangerous HTML tags are removed from the committer string. The best way to achieve this is to use a well-tested sanitization library, such as the sanitize gem, which is designed to handle various edge cases and ensure effective sanitization.

1. Install the sanitize gem if it is not already included in the project.
2. Update the render_committer_name method to use the sanitize gem to remove any potentially dangerous HTML tags from the committer string.

[akabiru]

@jjabari-op - this looks sensible, wdyt?

[jjabari-op]

@akabiru I've added the change requested by Parimal. I would appreciate your feedback when you have some spare minutes. Thank you!

[akabiru]

Nice one @jjabari-op code looks good to me, I did not manage to test against a subversion instance.

If we can resolve https://github.com/opf/openproject/pull/17594/files#r1918204882 before merge, that would be good.