cyberpresidentvanellope/CHOMPStation2
1
0
Fork 0
mirror of https://github.com/CHOMPStation2/CHOMPStation2.git synced 2025-12-10 02:09:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Moved tag whitelist check to HELPERS.

Browse Source 
Removed img tag from whitelist.
This commit is contained in:
Chinsky
2013-02-12 20:43:22 +04:00
parent fea160d6f0
commit e34d033cc9
3 changed files with 20 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
code/__HELPERS/text.dm
View File

@@ -140,7 +140,24 @@
return t_out
//checks text for html tags
//if tag is not in whitelist (var/list/paper_tag_whitelist in global.dm)
//relpaces < with &lt;
proc/checkhtml(var/t)
t = sanitize_simple(t, list("&#"="."))
var/p = findtext(t,"<",1)
while (p) //going through all the tags
var/start = p++
var/tag = copytext(t,p, p+1)
if (tag != "/")
while (reject_bad_text(copytext(t, p, p+1), 1))
tag = copytext(t,start, p)
p++
tag = copytext(t,start+1, p)
if (!(tag in paper_tag_whitelist)) //if it's unkown tag, disarming it
t = copytext(t,1,start-1) + "&lt;" + copytext(t,start+1)
p = findtext(t,"<",p)
return t
/*
* Text searches
*/

2
code/global.dm
View File

@@ -28,7 +28,7 @@ var/global/list/global_map = null
//////////////
var/list/paper_tag_whitelist = list("center","p","div","span","h1","h2","h3","h4","h5","h6","hr","pre", \
"big","small","font","i","u","b","s","sub","sup","tt","br","hr","img","ol","ul","li","caption","col", \
"big","small","font","i","u","b","s","sub","sup","tt","br","hr","ol","ul","li","caption","col", \
"table","td","th","tr")
var/list/paper_blacklist = list("java","onblur","onchange","onclick","ondblclick","onfocus","onkeydown", \
"onkeypress","onkeyup","onload","onmousedown","onmousemove","onmouseout","onmouseover", \

16
code/modules/paperwork/paper.dm
View File

@@ -249,21 +249,7 @@
if((!in_range(src, usr) && loc != usr && !( istype(loc, /obj/item/weapon/clipboard) ) && loc.loc != usr && usr.get_active_hand() != i)) // Some check to see if he's allowed to write
return
t = sanitize_simple(t, list("&#"="."))
var/p = findtext(t,"<",1)
while (p) //going through all the tags
var/start = p++
tag = copytext(t,p, p+1)
world << "2 [copytext(t,p, p+1)]"
if (tag != "/")
while (reject_bad_text(copytext(t, p, p+1), 1))
tag = copytext(t,start, p)
p++
tag = copytext(t,start+1, p)
world << "Tag is [tag] at [start]"
if (!(tag in paper_tag_whitelist)) //if it's unkown tag, disarming it
t = copytext(t,1,start-1) + "&lt;" + copytext(t,start+1)
p = findtext(t,"<",p)
t = checkhtml(t)
// check for exploits
for(var/bad in paper_blacklist)