Optional input() argument to sanitize input return data.

ID:1913933
 
Aug 9 2015, 6:08 am
Redundant
Applies to:DM Language
Status: Redundant
This feature has already been implemented, or is already achievable with existing methods.
Sanitizing input data, and ensuring that data returned by input() is currently a bit of a pain in the ass, you either have to write a custom proc to wrap around the data returned by input, or you have to write a proc that can be replaced by input(), but that won't work due to the face that input() also accepts calls like this

input("Select a gender for your character.","Your Gender",usr.gender) in list("male","female","neuter")


A possible solution would either be an addition to input() e.g.

input(Usr=usr,Message,Title,Default,Sanitize) as Type in List


Or, a new proc, called safe_input which will strip HTML tags from input() e.g.

safe_input(Usr=usr,Message,Title,Default) as Type in List
Aug 9 2015, 6:31 am
In your example:
input("Select a gender for your character.","Your Gender",usr.gender) in list("male","female","neuter")

Can you give me an example of what's wrong with that? What 'sanitizing' will then need to be done on this?

It all looks pretty fine to me.
Aug 9 2015, 6:43 am
There is nothing wrong with that, but you cannot create a custom proc that has the same type of arguments iirc, so that is what blocks me from writing a custom proc that will replace input() via preprocessor macros.

There however is a lot wrong with using plain input() with no sanitation.
Aug 9 2015, 6:57 am
In response to ErikHanson
Alright. I'm having trouble understanding exactly what you want to do. Can you give an example of a use of input() where it doesn't do what you want it to do so needs to be fixed?

Then I can see why you need something changed and maybe I can think of way around that.
Aug 9 2015, 8:59 am
I currently have to sanitize text by adding a seperate proc to my code, and calling that with the output of input(), but instead of wrapping my proc around input() i would love to have a way to have either input() sanitize the user input via a seperate arg, or a new proc e.g. safe_input that properly strips HTML from user input.

/proc/strip_html_simple(t,limit=MAX_MESSAGE_LEN)
    var/list/strip_chars = list("<",">")
    t = copytext(t,1,limit)
    for(var/char in strip_chars)
        var/index = findtext(t, char)
        while(index)
            t = copytext(t, 1, index) + copytext(t, index+1)
            index = findtext(t, char)
    return t


Aug 9 2015, 9:56 am
I see no reason for this, especially when you can obviously do it easy enough in soft-code. The input can be sanitized just fine using existing methods such as the proc you showed and html_encode().
Aug 9 2015, 9:56 am
Nadrew resolved issue (Redundant)