fix(bbcode): fix ReDoS vulnerabilities in BBCodeService (#96)

* fix(bbcode): fix ReDoS of imagemap parsing
* fix(bbcode): use `regex` and add timeout to avoid excessively long parse times
* feat(bbcode): use `make_tag` to generate HTML tags
* docs(bbcode): add docstrings for BBCodeService
* fix(user): validate BBCode content before processing userpage update
* fix(bbcode): catch timeout errors in BBCode parsing with MaliciousBBCodeError
* fix(bbcode): resolve reviews
* fix(bbcode): use `make_tag` in `_parse_size`

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix(bbcode): fix using `make_tag` in `_parse_size`

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@@ -105,6 +105,11 @@ async def update_userpage(
raise HTTPException(403, "Your account is restricted and cannot perform this action.")
try:
errors = bbcode_service.validate_bbcode(request.body)
if errors:
msg = "Invalid BBCode content: " + "; ".join(errors)
raise UserpageError(msg)
# 处理BBCode内容
processed_page = bbcode_service.process_userpage_content(request.body)
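Review bot: raising UserpageError inside the `try:` block means it will be caught by whichever `except` clause follows this hunk (not visible here); confirm that handler lets the validation error propagate as the intended client-facing error instead of folding it into the generic processing-failure path. Also, `validate_bbcode(request.body)` and `process_userpage_content(request.body)` each parse the same body, so an input that hits the new regex timeout pays that cost twice before the request is rejected; consider having the processing call return validation errors, or sharing one parse between the two steps. Minor style point: the comment `# 处理BBCode内容` is in Chinese while the surrounding code, messages and docstrings are in English.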