From e34d033cc94d5a534b11f4e9d9973c9466f9f3f6 Mon Sep 17 00:00:00 2001 From: Chinsky Date: Tue, 12 Feb 2013 20:43:22 +0400 Subject: [PATCH] Moved tag whitelist check to HELPERS. Removed img tag from whitelist. --- code/__HELPERS/text.dm | 19 ++++++++++++++++++- code/global.dm | 2 +- code/modules/paperwork/paper.dm | 16 +--------------- 3 files changed, 20 insertions(+), 17 deletions(-) diff --git a/code/__HELPERS/text.dm b/code/__HELPERS/text.dm index da9d8b34bce..a493aa9d080 100644 --- a/code/__HELPERS/text.dm +++ b/code/__HELPERS/text.dm @@ -140,7 +140,24 @@ return t_out - +//checks text for html tags +//if tag is not in whitelist (var/list/paper_tag_whitelist in global.dm) +//relpaces < with < +proc/checkhtml(var/t) + t = sanitize_simple(t, list("&#"=".")) + var/p = findtext(t,"<",1) + while (p) //going through all the tags + var/start = p++ + var/tag = copytext(t,p, p+1) + if (tag != "/") + while (reject_bad_text(copytext(t, p, p+1), 1)) + tag = copytext(t,start, p) + p++ + tag = copytext(t,start+1, p) + if (!(tag in paper_tag_whitelist)) //if it's unkown tag, disarming it + t = copytext(t,1,start-1) + "<" + copytext(t,start+1) + p = findtext(t,"<",p) + return t /* * Text searches */ diff --git a/code/global.dm b/code/global.dm index 568e7a180c7..591f90cc5f7 100644 --- a/code/global.dm +++ b/code/global.dm @@ -28,7 +28,7 @@ var/global/list/global_map = null ////////////// var/list/paper_tag_whitelist = list("center","p","div","span","h1","h2","h3","h4","h5","h6","hr","pre", \ - "big","small","font","i","u","b","s","sub","sup","tt","br","hr","img","ol","ul","li","caption","col", \ + "big","small","font","i","u","b","s","sub","sup","tt","br","hr","ol","ul","li","caption","col", \ "table","td","th","tr") var/list/paper_blacklist = list("java","onblur","onchange","onclick","ondblclick","onfocus","onkeydown", \ "onkeypress","onkeyup","onload","onmousedown","onmousemove","onmouseout","onmouseover", \ 
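Review bot: In the new checkhtml proc the disarm line `t = copytext(t,1,start-1) + "<" + copytext(t,start+1)` drops the character immediately before the offending `<`, because copytext's End index is exclusive and `start` is the index of the `<` itself; `copytext(t,1,start)` keeps the preceding text intact. As this page renders it, the replacement literal is a bare `<`, which would make the disarm a no-op — presumably an `&lt;` entity lost in rendering, but worth confirming against the actual file since it is the only thing that neutralises a non-whitelisted tag. As far as I can follow the index arithmetic, a closing tag never enters the inner scan (the character after `<` is `/`), so `tag = copytext(t,start+1, p)` yields an empty string that is not in paper_tag_whitelist and every `</...>` gets disarmed too; a debug trace on `</b>` would settle that. The same lines existed in paper.dm before this move, so this is inherited rather than introduced, and the header comment's `relpaces` typo could be fixed in the same pass.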
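Review bot: The rewritten whitelist line still lists `"hr"` a second time (`"br","hr","ol"`), while the unchanged first line already has `"h6","hr","pre"`; the duplicate is harmless for an `in` check but makes the list harder to audit, so dropping the second `"hr"` while this line is being edited would keep the whitelist one entry per tag. Note also that checkhtml compares only the tag name, so attributes on the remaining whitelisted tags are left to the separate paper_blacklist scan in paper.dm.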
diff --git a/code/modules/paperwork/paper.dm b/code/modules/paperwork/paper.dm index 20ec1f450d3..439bf62baf1 100644 --- a/code/modules/paperwork/paper.dm +++ b/code/modules/paperwork/paper.dm @@ -249,21 +249,7 @@ if((!in_range(src, usr) && loc != usr && !( istype(loc, /obj/item/weapon/clipboard) ) && loc.loc != usr && usr.get_active_hand() != i)) // Some check to see if he's allowed to write return - t = sanitize_simple(t, list("&#"=".")) - var/p = findtext(t,"<",1) - while (p) //going through all the tags - var/start = p++ - tag = copytext(t,p, p+1) - world << "2 [copytext(t,p, p+1)]" - if (tag != "/") - while (reject_bad_text(copytext(t, p, p+1), 1)) - tag = copytext(t,start, p) - p++ - tag = copytext(t,start+1, p) - world << "Tag is [tag] at [start]" - if (!(tag in paper_tag_whitelist)) //if it's unkown tag, disarming it - t = copytext(t,1,start-1) + "<" + copytext(t,start+1) - p = findtext(t,"<",p) + t = checkhtml(t) // check for exploits for(var/bad in paper_blacklist)