From c5c720b1c98fed4de568b65929bfe85d60f3466d Mon Sep 17 00:00:00 2001
From: Greyson Parrelli <greyson@signal.org>
Date: Thu, 26 Mar 2026 15:57:36 -0400
Subject: [PATCH] Enforce length limits on link preview fields.

---
 .../securesms/linkpreview/LinkPreview.java    | 22 ++++++++++++-------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreview.java b/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreview.java
index 67b5340d20..7b03d88c95 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreview.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/linkpreview/LinkPreview.java
@@ -21,6 +21,8 @@ import java.util.Optional;
 
 public class LinkPreview implements Parcelable {
 
+  private static final int MAX_FIELD_LENGTH = 500;
+
   @JsonProperty
   private final String       url;
 
@@ -41,8 +43,8 @@ public class LinkPreview implements Parcelable {
 
   public LinkPreview(@NonNull String url, @NonNull String title, @NonNull String description, long date, @NonNull DatabaseAttachment thumbnail) {
     this.url          = url;
-    this.title        = title;
-    this.description  = description;
+    this.title        = truncate(title);
+    this.description  = truncate(description);
     this.date         = date;
     this.thumbnail    = Optional.of(thumbnail);
     this.attachmentId = thumbnail.attachmentId;
@@ -50,8 +52,8 @@ public class LinkPreview implements Parcelable {
 
   public LinkPreview(@NonNull String url, @NonNull String title, @NonNull String description, long date, @NonNull Optional<Attachment> thumbnail) {
     this.url          = url;
-    this.title        = title;
-    this.description  = description;
+    this.title        = truncate(title);
+    this.description  = truncate(description);
     this.date         = date;
     this.thumbnail    = thumbnail;
     this.attachmentId = null;
@@ -64,8 +66,8 @@ public class LinkPreview implements Parcelable {
                      @JsonProperty("attachmentId") @Nullable AttachmentId attachmentId)
   {
     this.url          = url;
-    this.title        = title;
-    this.description  = Optional.ofNullable(description).orElse("");
+    this.title        = truncate(title);
+    this.description  = truncate(Optional.ofNullable(description).orElse(""));
     this.date         = date;
     this.attachmentId = attachmentId;
     this.thumbnail    = Optional.empty();
@@ -73,8 +75,8 @@ public class LinkPreview implements Parcelable {
 
   protected LinkPreview(Parcel in) {
     url          = in.readString();
-    title        = in.readString();
-    description  = in.readString();
+    title        = truncate(in.readString());
+    description  = truncate(in.readString());
     date         = in.readLong();
     attachmentId = ParcelCompat.readParcelable(in, AttachmentId.class.getClassLoader(), AttachmentId.class);
     thumbnail    = Optional.ofNullable(ParcelCompat.readParcelable(in, Attachment.class.getClassLoader(), Attachment.class));
@@ -135,6 +137,10 @@ public class LinkPreview implements Parcelable {
     return attachmentId;
   }
 
+  private static @NonNull String truncate(@NonNull String value) {
+    return value.length() > MAX_FIELD_LENGTH ? value.substring(0, MAX_FIELD_LENGTH) : value;
+  }
+
   public @NonNull String serialize() throws IOException {
     return JsonUtils.toJson(this);
   }