Fix #4678: Validate custom CSS.

* Make it an error to add invalid custom CSS to your account. * Add a fix script to remove custom CSS from all accounts with invalid CSS.
2022-01-15 23:20:15 -06:00
parent c455c08b2c
commit acf565be7b
8 changed files with 70 additions and 2 deletions
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -268,5 +268,20 @@ class UserTest < ActiveSupport::TestCase
        assert_equal([user3.id], User.search(name: "bar\\\*baz").map(&:id))
      end
    end
+
+    context "custom CSS" do
+      should "raise a validation error on invalid custom CSS" do
+        user = build(:user, custom_style: "}}}")
+
+        assert_equal(true, user.invalid?)
+        assert_match(/Custom CSS contains a syntax error/, user.errors[:base].first)
+      end
+
+      should "allow blank CSS" do
+        user = build(:user, custom_style: " ")
+
+        assert_equal(true, user.valid?)
+      end
+    end
  end
 end