fix: prevent user-entered text with | characters from being truncated in activity feed (#8844)

Prevents a variety of user-entered texts that can contain `|` characters from being truncated in the activity feed, affecting: issue & PR titles, comment content, review comments, and review dismissal comments.

Where `action.content` was containing a pipe-separated list of UI data fields before, it now uses a JSON-encoded string array.  The old format is still supported for reading from the feed.  In some places where `action.content` was not using this format, or where user-generated text was not inserted, the old format is retained.

Fixes part of the cause behind #8781, allowing small mermaid graphs to be rendered in the feed (for now...) --
![image](/attachments/4de98825-4fb7-4b5d-87c3-bd54d6f0a1d1)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8844
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>

tests/integration/user_dashboard_test.go

@@ -87,3 +87,38 @@ func TestDashboardTitleRendering(t *testing.T) {
 		assert.Equal(t, 6, count)
 	})
 }
+
+func TestDashboardActionEscaping(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+		sess := loginUser(t, user4.Name)
+
+		repo, _, f := tests.CreateDeclarativeRepo(t, user4, "",
+			[]unit_model.Type{unit_model.TypePullRequests, unit_model.TypeIssues}, nil,
+			[]*files_service.ChangeRepoFile{},
+		)
+		defer f()
+
+		issue := createIssue(t, user4, repo, "Issue with | in title", "Hey here's a | for you")
+
+		_, err := issue_service.CreateIssueComment(db.DefaultContext, user4, repo, issue, "Comment with a | in it", nil)
+		require.NoError(t, err)
+
+		testIssueClose(t, sess, repo.OwnerName, repo.Name, strconv.Itoa(int(issue.Index)), false)
+
+		response := sess.MakeRequest(t, NewRequest(t, "GET", "/"), http.StatusOK)
+		htmlDoc := NewHTMLParser(t, response.Body)
+
+		count := 0
+		htmlDoc.doc.Find("#activity-feed .flex-item-main .title").Each(func(i int, s *goquery.Selection) {
+			count++
+			assert.Equal(t, "Issue with | in title", s.Text())
+		})
+		htmlDoc.doc.Find("#activity-feed .flex-item-main .markup").Each(func(i int, s *goquery.Selection) {
+			count++
+			assert.Equal(t, "Comment with a | in it\n", s.Text())
+		})
+
+		assert.Equal(t, 4, count)
+	})
+}