From 6baef896e9591ad95d0cdb478e9099f6fb514c7d Mon Sep 17 00:00:00 2001
From: Tobias Berger
Date: Fri, 28 Nov 2025 18:25:48 +0000
Subject: [PATCH] Sanitize input (#4798)

* Sanitize custom objective summary
* Untouch
---
 .../RoundEnd/RoundEndSummaryWindow.cs | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/Content.Client/RoundEnd/RoundEndSummaryWindow.cs b/Content.Client/RoundEnd/RoundEndSummaryWindow.cs
index 7108e4cca8..cb088fcccc 100644
--- a/Content.Client/RoundEnd/RoundEndSummaryWindow.cs
+++ b/Content.Client/RoundEnd/RoundEndSummaryWindow.cs
@@ -1,9 +1,11 @@
 using System.Linq;
 using System.Numerics;
 using Content.Client.Message;
+using Content.Client.UserInterface.RichText; // DeltaV - Limit what tags can be used in custom objective summaries
 using Content.Shared.GameTicking;
 using Robust.Client.UserInterface.Controls;
 using Robust.Client.UserInterface.CustomControls;
+using Robust.Client.UserInterface.RichText; // DeltaV - Limit what tags can be used in custom objective summaries
 using Robust.Shared.Utility;
 using static Robust.Client.UserInterface.Controls.BoxContainer;
@@ -79,7 +81,20 @@ namespace Content.Client.RoundEnd
 if (!string.IsNullOrEmpty(roundEnd))
 {
 var roundEndLabel = new RichTextLabel();
- roundEndLabel.SetMarkup(roundEnd);
+ // Begin DeltaV - Limit what tags can be used in custom objective summaries
+ roundEndLabel.SetMessage(
+ FormattedMessage.FromMarkupPermissive(roundEnd),
+ [
+ typeof(BoldItalicTag),
+ typeof(BoldTag),
+ typeof(BulletTag),
+ typeof(ColorTag),
+ typeof(HeadingTag),
+ typeof(ItalicTag),
+ typeof(MonoTag)
+ ]
+ );
+ // End DeltaV - Limit what tags can be used in custom objective summaries
 roundEndSummaryContainer.AddChild(roundEndLabel);
 }
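Review bot: The tag allow-list passed to `SetMessage` in the second hunk is written inline at this single render site, so any other label that shows the same player-authored summary text would still accept every registered tag. The rest of this method and the other windows are outside the hunk, so that needs checking. Hoisting the list to a named field, for example `private static readonly Type[] SummaryAllowedTags = [typeof(BoldItalicTag), typeof(BoldTag), /* … */];`, gives every such site one reviewed list and documents why each tag is permitted. The filter also covers the whole `roundEnd` string rather than only the custom-objective part, so server-composed text that relies on a tag outside these seven will presumably stop rendering as markup; confirm this against the server-side round-end text. `HeadingTag` and `ColorTag` still let a custom summary imitate the look of server-generated sections, so consider whether both are needed. This is a client-side render filter only, and the patch does not show whether the summary is validated where the server accepts it.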