diff --git a/code/modules/admin/admin_fax_panel.dm b/code/modules/admin/admin_fax_panel.dm index a75f6de4003c..911527a70a64 100644 --- a/code/modules/admin/admin_fax_panel.dm +++ b/code/modules/admin/admin_fax_panel.dm @@ -124,7 +124,7 @@ break fax_paper.name = "paper — [default_paper_name]" - fax_paper.add_raw_text(params["rawText"]) + fax_paper.add_raw_text(params["rawText"], advanced_html = TRUE) if(stamp) fax_paper.add_stamp(stamp_class, params["stampX"], params["stampY"], params["stampAngle"], stamp) diff --git a/code/modules/paperwork/paper.dm b/code/modules/paperwork/paper.dm index b5ede755d62e..1cc6a2915771 100644 --- a/code/modules/paperwork/paper.dm +++ b/code/modules/paperwork/paper.dm @@ -162,9 +162,10 @@ * * font - The font to use. * * color - The font color to use. * * bold - Whether this text should be rendered completely bold. + * * advanced_html - Boolean that is true when the writer has R_FUN permission, which sanitizes less HTML (such as images) from the new paper_input */ -/obj/item/paper/proc/add_raw_text(text, font, color, bold) +/obj/item/paper/proc/add_raw_text(text, font, color, bold, advanced_html) var/new_input_datum = new /datum/paper_input( text, font, @@ -579,7 +580,7 @@ // Safe to assume there are writing implement details as user.can_write(...) fails with an invalid writing implement. var/writing_implement_data = holding.get_writing_implement_details() - add_raw_text(paper_input, writing_implement_data["font"], writing_implement_data["color"], writing_implement_data["use_bold"]) + add_raw_text(paper_input, writing_implement_data["font"], writing_implement_data["color"], writing_implement_data["use_bold"], check_rights_for(user?.client, R_FUN)) log_paper("[key_name(user)] wrote to [name]: \"[paper_input]\"") to_chat(user, "You have added to your paper masterpiece!"); 
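Review bot: The added call in the `@@ -124` hunk of admin_fax_panel.dm passes `advanced_html = TRUE` unconditionally, while the pen path in paper.dm derives the same flag from `check_rights_for(user?.client, R_FUN)`. Relaxed sanitisation is therefore granted to anyone who can reach this branch of the fax panel, not specifically to holders of R_FUN. `params["rawText"]` comes from the UI client, and the rights check gating this action sits in the part of the proc outside the hunk, so whether it already requires R_FUN cannot be confirmed from here. If it does not, derive the flag the same way, e.g. `advanced_html = check_rights_for(usr?.client, R_FUN)`, using whichever reference to the acting admin the proc has in scope.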
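Review bot: The `@@ -162` hunk adds `advanced_html` to `add_raw_text` but ends at `font,` inside the `new /datum/paper_input(` call, and no other hunk in this diff touches the rest of that argument list, so the flag appears never to be forwarded to the datum. That fails closed, since every input keeps the default `FALSE`, but it would make the feature a no-op. The call should pass `advanced_html` as its last argument if it does not already; the remainder of the call is outside the hunk, so please confirm. The new doc line also reads as if the permission itself does the sanitising; `* * advanced_html - TRUE only when the writer passed a server-side R_FUN check; relaxes HTML sanitisation (e.g. allows images) for this input.` states the contract more clearly.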
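Review bot: `log_paper` in the `@@ -579` hunk still records only the author and text, so the audit log does not show whether an entry was stored with relaxed sanitisation. Evaluating the right once and logging the result makes it much easier to trace a paper that later turns out to contain unexpected markup. Use `var/advanced_html = check_rights_for(user?.client, R_FUN)`, pass that variable to `add_raw_text`, and append something like `[advanced_html ? " (advanced HTML)" : ""]` to the log line. The enclosing proc starts outside the hunk.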
@@ -666,15 +667,18 @@ var/colour = "" /// Whether to render the font bold or not. var/bold = FALSE + /// Whether the creator of this input field has the R_FUN permission, thus allowing less sanitization + var/advanced_html = FALSE -/datum/paper_input/New(_raw_text, _font, _colour, _bold) +/datum/paper_input/New(_raw_text, _font, _colour, _bold, _advanced_html) raw_text = _raw_text font = _font colour = _colour bold = _bold + advanced_html = _advanced_html /datum/paper_input/proc/make_copy() - return new /datum/paper_input(raw_text, font, colour, bold); + return new /datum/paper_input(raw_text, font, colour, bold, advanced_html) /datum/paper_input/proc/to_list() return list( @@ -682,6 +686,7 @@ font = font, color = colour, bold = bold, + advanced_html = advanced_html, ) /// A single instance of a saved stamp on paper. diff --git a/tgui/packages/tgui/interfaces/PaperSheet.tsx b/tgui/packages/tgui/interfaces/PaperSheet.tsx index 51d9841f6f3e..3cb140119c70 100644 --- a/tgui/packages/tgui/interfaces/PaperSheet.tsx +++ b/tgui/packages/tgui/interfaces/PaperSheet.tsx @@ -39,6 +39,7 @@ type PaperInput = { font?: string; color?: string; bold?: boolean; + advanced_html?: boolean; }; type StampInput = { @@ -604,6 +605,7 @@ export class PreviewView extends Component { const fontColor = value.color || default_pen_color; const fontFace = value.font || default_pen_font; const fontBold = value.bold || false; + const advancedHtml = value.advanced_html || false; let processingOutput = this.formatAndProcessRawText( rawText, @@ -612,7 +614,8 @@ export class PreviewView extends Component { paper_color, fontBold, fieldCount, - readOnly + readOnly, + advancedHtml ); output += processingOutput.text; 
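Review bot: `advanced_html` is stored on the input at `@@ -666`, copied verbatim by `make_copy()` and exported by `to_list()` (`@@ -682`), so the relaxed sanitisation follows the text wherever the datum is duplicated, regardless of who makes the copy or reads it. That is probably intended, but it makes the field a long-lived trust marker and the doc comment should say so: `/// TRUE only when set from a server-side R_FUN check at write time; never populate from client-supplied params. Copies inherit it.` `New()` also stores whatever it is given, so an omitted argument leaves the field null rather than `FALSE`; `advanced_html = !!_advanced_html` keeps it a strict boolean for the TypeScript side.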
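Review bot: `advancedHtml` at `@@ -604` / `@@ -612` in PaperSheet.tsx selects the sanitiser mode for each stored input in the reader's client, so whatever the relaxed mode permits is rendered for every player who opens the paper, not only the admin who wrote it. The paper.dm doc comment mentions images; if that includes remote `src` URLs, each viewer's client would fetch a URL chosen by the author, which discloses viewer IP addresses to that host. It is worth confirming that the relaxed allow-list in `sanitizeText` (not visible in this diff) restricts image sources, or documenting the exposure at this call. A short comment such as `// advanced_html is set server-side from an R_FUN check; it relaxes sanitizeText for this input only` would make the trust boundary explicit.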
@@ -741,16 +744,18 @@ export class PreviewView extends Component { paperColor: string, bold: boolean, fieldCounter: number = 0, - forceReadonlyFields: boolean = false + forceReadonlyFields: boolean = false, + advanced_html: boolean = false ): FieldCreationReturn => { // First lets make sure it ends in a new line + const { data } = useBackend(this.context); rawText += rawText[rawText.length] === '\n' ? '\n' : '\n\n'; // Second, parse the text using markup const parsedText = this.runMarkedDefault(rawText); // Third, we sanitize the text of html - const sanitizedText = sanitizeText(parsedText); + const sanitizedText = sanitizeText(parsedText, advanced_html); // Fourth we replace the [__] with fields const fieldedText = this.createFields(