mirror of
https://github.com/we-promise/sure.git
synced 2026-05-30 07:49:01 +00:00
- Add hex-format validation on Goal#color so submissions can't smuggle arbitrary CSS into the style attribute on the avatar / picker preview. The picker accepts custom hexes, so format validation (not inclusion) is the right shape — anything not matching #RRGGBB is rejected at the model boundary.
- Fix the on_delete in the down block of drop_goal_contributions to match the original cascade. Restoring with restrict was a schema drift that would have shifted referential behavior after a rollback.
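
The following is an added example, not code from this commit or from the project: a plain-Ruby sketch of a whole-string #RRGGBB check of the kind the first item describes, next to a line-anchored pattern that lets extra declarations through. The constant names, method names and sample values are assumptions made for illustration; the page does not show the actual validation line.

```ruby
# Added illustration; all names here are hypothetical, not the project's own.

# \A and \z anchor to the start and end of the whole string.
HEX_COLOR = /\A#[0-9a-fA-F]{6}\z/

# Weak variant: in Ruby, ^ and $ match at every line boundary, so a value
# with a valid first line and anything after a newline still matches.
LINE_ANCHORED = /^#[0-9a-fA-F]{6}$/

# Model-boundary check: only a String that is exactly #RRGGBB passes.
def valid_goal_color?(value)
  value.is_a?(String) && HEX_COLOR.match?(value)
end

# Builds the inline style for a preview; refuses anything unvalidated so
# the value can never carry a second CSS declaration into the attribute.
def avatar_style(color)
  raise ArgumentError, "invalid color" unless valid_goal_color?(color)
  "background-color: #{color};"
end

# Constructed sample submissions mapped to the expected verdict.
SAMPLES = {
  "#1a2B3c" => true,                                   # custom hex, mixed case
  "#fff" => false,                                     # short form is not #RRGGBB
  "red" => false,                                      # named colors rejected
  "#1a2b3c; background-image: url(//example.invalid/x)" => false,
  "#1a2b3c\n; position: fixed" => false,               # newline-separated tail
  "#1a2b3c\n" => false,                                # trailing newline
  nil => false
}.freeze

# Returns the samples whose verdict differs from the expectation (none).
def mismatched_samples
  SAMPLES.reject { |value, expected| valid_goal_color?(value) == expected }
end

# Returns the samples the weak pattern accepts but the strict one rejects.
def weak_only_accepts
  SAMPLES.keys.select do |value|
    value.is_a?(String) && LINE_ANCHORED.match?(value) && !valid_goal_color?(value)
  end
end

puts "mismatches: #{mismatched_samples.inspect}"
puts "accepted only by ^...$: #{weak_only_accepts.inspect}"
```

In a Rails model the same pattern would normally sit behind a `validates ... format:` rule; Rails refuses `^`/`$` anchors there unless `multiline: true` is passed, for the reason the second pattern shows.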