fix(#286): validate backup profile names on import #329

Open
Shreya-nipunge wants to merge 1 commit into SamXop123:main from Shreya-nipunge:fix-286-validate-backup-profile-names


@Shreya-nipunge

Contributor

Description

Validate theme profile names during full settings backup import.

Previously, backup import only filtered reserved keys such as __proto__, constructor, and prototype. Other invalid profile names could still be imported and saved into themeProfiles.json, causing profiles to appear in the Settings dropdown while failing later profile operations that rely on isValidProfileName().

This change reuses the existing profile name validation during backup import, skips invalid profile names, preserves existing prototype-pollution protections, and continues sanitizing valid imported profile settings.

Related Issue

Fixes #286

Changes Made

  • Added sanitizeBackupProfiles() helper to centralize backup profile sanitization.

  • Reused the existing isValidProfileName() validation logic during backup import.

  • Continued rejecting __proto__, constructor, and prototype.

  • Skipped invalid profile names instead of importing them.

  • Preserved sanitization of valid imported profile settings.

  • Added tests covering:

    • Valid profile imports.
    • Invalid profile name rejection.
    • Reserved key rejection.
    • Sanitization of imported profile settings.

Testing

npm.cmd test
git diff --check

Results:

  • 15/15 tests passed.
  • git diff --check passed (only line-ending warnings were reported).

Screenshots

Not applicable (no UI changes).
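
A minimal sketch of the import-time filtering described in this pull request, added here as an illustration; it is not taken from the PR or the repository. The name rule in `isValidProfileNameExample`, the settings allowlist and the sample backup are assumptions constructed for the example, and the project's real `isValidProfileName()` may apply different rules.

```javascript
// Added illustration, not the project's code. The name rule below is an ASSUMPTION.
const RESERVED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hypothetical stand-in for the project's isValidProfileName():
// 1-32 characters of letters, digits, space, underscore or hyphen.
function isValidProfileNameExample(name) {
  return typeof name === "string" && /^[A-Za-z0-9 _-]{1,32}$/.test(name);
}

// Hypothetical allowlist of per-profile settings and their expected types.
const ALLOWED_SETTINGS = new Map([["accent", "string"], ["fontSize", "number"], ["darkMode", "boolean"]]);
const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Keep only known settings whose value has the expected primitive type.
function sanitizeSettingsExample(settings) {
  const clean = Object.create(null);
  if (!isPlainObject(settings)) return clean;
  for (const key of Object.keys(settings)) {
    if (ALLOWED_SETTINGS.get(key) === typeof settings[key]) clean[key] = settings[key];
  }
  return clean;
}

// Returns the accepted profiles plus the names that were skipped.
function sanitizeBackupProfilesExample(rawProfiles) {
  const profiles = Object.create(null); // null prototype: nothing to pollute
  const skipped = [];
  if (!isPlainObject(rawProfiles)) return { profiles, skipped };
  for (const name of Object.keys(rawProfiles)) {
    // Both checks are needed: "constructor" passes the character rule,
    // while "../evil" and "" are not reserved keys.
    if (RESERVED_KEYS.has(name) || !isValidProfileNameExample(name)) {
      skipped.push(name);
      continue;
    }
    profiles[name] = sanitizeSettingsExample(rawProfiles[name]);
  }
  return { profiles, skipped };
}

// Constructed backup payload. JSON.parse makes "__proto__" an own property.
const backup = JSON.parse(`{"themeProfiles": {
  "Work": {"accent": "#336699", "fontSize": 14, "onload": "x"},
  "__proto__": {"polluted": true},
  "constructor": {"accent": "#000000"},
  "../evil": {"accent": "#ff0000"},
  "": {"accent": "#ffffff"}
}}`);
const result = sanitizeBackupProfilesExample(backup.themeProfiles);
console.log(Object.keys(result.profiles), result.skipped);
```

Returning the skipped names lets the import path log or report what was dropped instead of discarding it silently.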

@vercel

vercel Bot commented Jul 2, 2026


@Shreya-nipunge is attempting to deploy a commit to the Dot_NotSam's projects Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026


Important

Review skipped

Auto reviews are limited based on label configuration.

🏷️ Required labels (at least one) (1)
  • review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b670e63f-5942-4b17-8087-b84cec7a8b2e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.



Development

Successfully merging this pull request may close these issues.

Validate backup profile names on import
