From 7dd29454e9ccf69bf3683fd7de9d6d7c1bfbd19d Mon Sep 17 00:00:00 2001
From: Lennart Brinkmann <lebrinkma@gmail.com>
Date: Sat, 14 Dec 2013 19:56:49 +0100
Subject: [PATCH 1/2] Remove duplicate doc entry for setHTML()

---
 doc/api/http_api.md | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/doc/api/http_api.md b/doc/api/http_api.md
index 281cc975..1ae2ea1c 100644
--- a/doc/api/http_api.md
+++ b/doc/api/http_api.md
@@ -285,16 +285,6 @@ sets the text of a pad
   * `{code: 1, message:"padID does not exist", data: null}`
   * `{code: 1, message:"text too long", data: null}`
 
-#### setHTML(padID, html)
- * API >= 1
-
-sets the text of a pad based on HTML, HTML must be well formed.  Malformed HTML will send a warning to the API log
-
-*Example returns:*
-  * `{code: 0, message:"ok", data: null}`
-  * `{code: 1, message:"padID does not exist", data: null}`
-
-
 #### getHTML(padID, [rev])
  * API >= 1
 
@@ -304,15 +294,14 @@ returns the text of a pad formatted as HTML
   * `{code: 0, message:"ok", data: {html:"Welcome Text<br>More Text"}}`
   * `{code: 1, message:"padID does not exist", data: null}`
 
-#### setHTML(padID, text)
+#### setHTML(padID, html)
  * API >= 1
 
-sets the html of a pad
+sets the text of a pad based on HTML, HTML must be well formed. Malformed HTML will send a warning to the API log.
 
 *Example returns:*
   * `{code: 0, message:"ok", data: null}`
   * `{code: 1, message:"padID does not exist", data: null}`
-  * `{code: 1, message:"text too long", data: null}`
 
 #### getAttributePool(padID)
  * API >= 1.2.8

From dd8af99e2e36e759fdc869c82a24a271742e2a5b Mon Sep 17 00:00:00 2001
From: Lennart Brinkmann <lebrinkma@gmail.com>
Date: Sat, 14 Dec 2013 21:14:56 +0100
Subject: [PATCH 2/2] Add input validation for html param in setHTML()

---
 src/node/db/API.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/node/db/API.js b/src/node/db/API.js
index 00be1918..98bc8029 100644
--- a/src/node/db/API.js
+++ b/src/node/db/API.js
@@ -382,8 +382,23 @@ exports.getHTML = function(padID, rev, callback)
   });
 }
 
+/**
+setHTML(padID, html) sets the text of a pad based on HTML
+
+Example returns:
+
+{code: 0, message:"ok", data: null}
+{code: 1, message:"padID does not exist", data: null}
+*/
 exports.setHTML = function(padID, html, callback)
 {
+  //html is required
+  if(typeof html != "string")
+  {
+    callback(new customError("html is no string","apierror"));
+    return;
+  }
+
   //get the pad
   getPadSafe(padID, true, function(err, pad)
   {