diff options
| author | John McLear <john@mclear.co.uk> | 2013-12-16 03:07:50 -0800 |
|---|---|---|
| committer | John McLear <john@mclear.co.uk> | 2013-12-16 03:07:50 -0800 |
| commit | 3d8edef9261b9793027bc999759f3b7e094aacd5 (patch) | |
| tree | f576cc53f136cb753506cd288fca870c789cc8c7 | |
| parent | 58bbfd8a65e16581bc13b89f5898fdceb2563e0a (diff) | |
| parent | dd8af99e2e36e759fdc869c82a24a271742e2a5b (diff) | |
| download | etherpad-lite-3d8edef9261b9793027bc999759f3b7e094aacd5.zip | |
Merge pull request #2035 from lebrinkma/dont-die-on-bad-html
Add input validation for html param in setHTML()
| -rw-r--r-- | doc/api/http_api.md | 15 | ||||
| -rw-r--r-- | src/node/db/API.js | 15 |
2 files changed, 17 insertions, 13 deletions
diff --git a/doc/api/http_api.md b/doc/api/http_api.md index 281cc975..1ae2ea1c 100644 --- a/doc/api/http_api.md +++ b/doc/api/http_api.md @@ -285,16 +285,6 @@ sets the text of a pad * `{code: 1, message:"padID does not exist", data: null}` * `{code: 1, message:"text too long", data: null}` -#### setHTML(padID, html) - * API >= 1 - -sets the text of a pad based on HTML, HTML must be well formed. Malformed HTML will send a warning to the API log - -*Example returns:* - * `{code: 0, message:"ok", data: null}` - * `{code: 1, message:"padID does not exist", data: null}` - - #### getHTML(padID, [rev]) * API >= 1 @@ -304,15 +294,14 @@ returns the text of a pad formatted as HTML * `{code: 0, message:"ok", data: {html:"Welcome Text<br>More Text"}}` * `{code: 1, message:"padID does not exist", data: null}` -#### setHTML(padID, text) +#### setHTML(padID, html) * API >= 1 -sets the html of a pad +sets the text of a pad based on HTML, HTML must be well formed. Malformed HTML will send a warning to the API log. *Example returns:* * `{code: 0, message:"ok", data: null}` * `{code: 1, message:"padID does not exist", data: null}` - * `{code: 1, message:"text too long", data: null}` #### getAttributePool(padID) * API >= 1.2.8 diff --git a/src/node/db/API.js b/src/node/db/API.js index 00be1918..98bc8029 100644 --- a/src/node/db/API.js +++ b/src/node/db/API.js @@ -382,8 +382,23 @@ exports.getHTML = function(padID, rev, callback) }); } +/** +setHTML(padID, html) sets the text of a pad based on HTML + +Example returns: + +{code: 0, message:"ok", data: null} +{code: 1, message:"padID does not exist", data: null} +*/ exports.setHTML = function(padID, html, callback) { + //html is required + if(typeof html != "string") + { + callback(new customError("html is no string","apierror")); + return; + } + //get the pad getPadSafe(padID, true, function(err, pad) { |