fix(#286): validate backup profile names on import#329
Conversation
|
@Shreya-nipunge is attempting to deploy a commit to the Dot_NotSam's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
Important Review skippedAuto reviews are limited based on label configuration. 🏷️ Required labels (at least one) (1)
Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Description
Validate theme profile names during full settings backup import.
Previously, backup import only filtered reserved keys such as
__proto__,constructor, andprototype. Other invalid profile names could still be imported and saved intothemeProfiles.json, causing profiles to appear in the Settings dropdown while failing later profile operations that rely onisValidProfileName().This change reuses the existing profile name validation during backup import, skips invalid profile names, preserves existing prototype-pollution protections, and continues sanitizing valid imported profile settings.
Related Issue
Fixes #286
Changes Made
Added
sanitizeBackupProfiles()helper to centralize backup profile sanitization.Reused the existing
isValidProfileName()validation logic during backup import.Continued rejecting
__proto__,constructor, andprototype.Skipped invalid profile names instead of importing them.
Preserved sanitization of valid imported profile settings.
Added tests covering:
Testing
npm.cmd test git diff --checkResults:
git diff --checkpassed (only line-ending warnings were reported).Screenshots
Not applicable (no UI changes).