收口聊天室安全边界并优化特效生命周期

app/Http/Requests/SendMessageRequest.php

@@ -62,7 +62,7 @@ class SendMessageRequest extends FormRequest
             'image' => ['nullable', 'required_without:content', 'file', 'image', 'mimes:jpeg,png,jpg,gif,webp', 'max:6144'],
             'to_user' => ['nullable', 'string', 'max:50'],
             'is_secret' => ['nullable', 'boolean'],
-            'font_color' => ['nullable', 'string', 'max:10'],   // html color hex
+            'font_color' => ['nullable', 'string', 'regex:/^#[0-9a-fA-F]{6}$/'],   // html color hex
             'action' => ['nullable', 'string', 'max:50', Rule::in(self::ALLOWED_ACTIONS)],   // 动作字段仅允许预设值，阻断拼接式 XSS 注入
         ];
     }
@@ -91,6 +91,7 @@ class SendMessageRequest extends FormRequest
             'image.image' => '上传的文件必须是图片。',
             'image.mimes' => '仅支持 jpg、jpeg、png、gif、webp 图片格式。',
             'image.max' => '图片大小不能超过 6MB。',
+            'font_color.regex' => '发言颜色格式不合法，请重新选择颜色。',
             'action.in' => '发言动作不合法，请重新选择。',
         ];
     }