Add protection against abuse.

This changes a test, I don't think that the returned value should
contain any non-source text fragments from a FluentNone.

Author: Pike

fluent.runtime/fluent/runtime/resolver.py

@@ -138,16 +138,28 @@ def __call__(self, env):
         if self.dirty:
             env.errors.append(FluentCyclicReferenceError("Cyclic reference"))
             return FluentNone()
+        if env.part_count > MAX_PARTS:
+            return ""
         self.dirty = True
+        elements = self.elements
+        remaining_parts = MAX_PARTS - env.part_count
+        if len(self.elements) > remaining_parts:
+            elements = elements[:remaining_parts + 1]
+            env.errors.append(ValueError("Too many parts in message (> {0}), "
+                                         "aborting.".format(MAX_PARTS)))
         retval = ''.join(
-            resolve(element(env), env) for element in self.elements
+            resolve(element(env), env) for element in elements
         )
+        env.part_count += len(elements)
         self.dirty = False
         return retval
 
 def resolve(fluentish, env):
     if isinstance(fluentish, FluentType):
         return fluentish.format(env.context._babel_locale)
+    if isinstance(fluentish, six.string_types):
+        if len(fluentish) > MAX_PART_LENGTH:
+            return fluentish[:MAX_PART_LENGTH]
     return fluentish
 
 

fluent.runtime/tests/test_bomb.py

@@ -39,5 +39,5 @@ def test_max_expansions_protection(self):
         # Without protection, emptylolz will take a really long time to
         # evaluate, although it generates an empty message.
         val, errs = self.ctx.format('emptylolz')
-        self.assertEqual(val, '???')
+        self.assertEqual(val, '')
         self.assertEqual(len(errs), 1)