Skip to content

Commit

Permalink
Merge pull request tgstation#7471 from Menshin/properly_propelled_san…
Browse files Browse the repository at this point in the history
…itization

HTML sanitization tweaking
  • Loading branch information
Razharas committed Feb 5, 2015
2 parents f5359ab + c9ffb2e commit b936324
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 23 deletions.
75 changes: 53 additions & 22 deletions code/__HELPERS/text.dm
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,12 @@
return t

//Removes a few problematic characters
/proc/sanitize_simple(var/t,var/list/repl_chars = list("\n"="#","\t"="#",""=""))
/proc/sanitize_simple(var/t,var/list/repl_chars = list("\n"="#","\t"="#"))
for(var/char in repl_chars)
var/index = findtext(t, char)
while(index)
t = copytext(t, 1, index) + repl_chars[char] + copytext(t, index+1)
index = findtext(t, char)
index = findtext(t, char, index+1)
return t

//Runs byond's sanitization proc along-side sanitize_simple
Expand Down Expand Up @@ -147,32 +147,63 @@

return t_out

//this proc strips html properly, but it's not lazy like the other procs.
//this means that it doesn't just remove < and > and call it a day. seriously, who the fuck thought that would be useful.
//this proc strips html properly, this means that it removes everything between < and >, and between "http" and "://"
//also limit the size of the input, if specified to
/proc/strip_html_properly(var/input,var/max_length=MAX_MESSAGE_LEN)
if(!input)
return
var/opentag = 1 //These store the position of < and > respectively.
var/closetag = 1
while(1)
opentag = findtext(input, "<")
closetag = findtext(input, ">")
if(closetag && opentag)
if(closetag < opentag)
input = copytext(input, (closetag + 1))
else
input = copytext(input, 1, opentag) + copytext(input, (closetag + 1))
else if(closetag || opentag)
if(opentag)
input = copytext(input, 1, opentag)
else
input = copytext(input, (closetag + 1))
else
break

if(max_length)
input = copytext(input,1,max_length)
return input

var/sanitized_output
var/next_html_tag = findtext(input, "<")
var/next_http = findtext(input, "http", 1, next_html_tag)

//the opening and closing of the expression to skip, e.g '<' and '>'
var/opening = non_zero_min(next_html_tag, next_http)
var/closing

sanitized_output = copytext(input, 1, opening)

while(next_html_tag || next_http)

//we treat < ... >
if(opening == next_html_tag)
closing = findtext(input, ">", opening + 1)
if(closing)
next_html_tag = findtext(input, "<", closing)
next_http = findtext(input, "http", closing, next_html_tag)
else //no matching ">"
next_html_tag = 0

//we treat "http(s)://"
else
closing = findtext(input, "://", opening + 1)
if(closing)
closing += 2 //skip these extra //
next_http = findtext(input, "http", closing)
next_html_tag = findtext(input, "<", closing, next_http)
else //no matching "://"
next_http = 0

//check if we've something to skip
if(closing)
opening = non_zero_min(next_html_tag, next_http)
sanitized_output += copytext(input, closing + 1, opening)

sanitized_output += copytext(input, opening) //don't forget the remaining text

return sanitized_output

//strip_html_properly helper proc that returns the smallest non null of two numbers
//or 0 if they're both null (needed because of findtext returning 0 when a value is not present)
/proc/non_zero_min(var/a, var/b)
if(!a)
return b
if(!b)
return a
return (a < b ? a : b)

/*
* Text searches
Expand Down
2 changes: 1 addition & 1 deletion code/datums/diseases/advance/advance.dm
Original file line number Diff line number Diff line change
Expand Up @@ -396,7 +396,7 @@ var/list/advance_cures = list(

if(D.symptoms.len > 0)

var/new_name = input(user, "Name your new disease.", "New Name")
var/new_name = stripped_input(user, "Name your new disease.", "New Name")
if(!new_name)
return
D.AssignName(new_name)
Expand Down

0 comments on commit b936324

Please sign in to comment.