1 files changed, 13 insertions, 2 deletions

diff --git a/internal/validate/formvalidation.go b/internal/validate/formvalidation.go
index d22e43f6c..c51c17922 100644
--- a/internal/validate/formvalidation.go
+++ b/internal/validate/formvalidation.go
@@ -25,6 +25,7 @@ import (
 	"strings"
 
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/regexes"
 	pwv "github.com/wagslane/go-password-validator"
 	"golang.org/x/text/language"
@@ -40,8 +41,7 @@ const (
 	maximumDescriptionLength      = 5000
 	maximumSiteTermsLength        = 5000
 	maximumUsernameLength         = 64
-	// maximumEmojiShortcodeLength   = 30
-	// maximumHashtagLength          = 30
+	maximumCustomCSSLength        = 5000
 )
 
 // NewPassword returns an error if the given password is not sufficiently strong, or nil if it's ok.
@@ -159,6 +159,17 @@ func StatusFormat(statusFormat string) error {
 	return fmt.Errorf("status format '%s' was not recognized, valid options are 'plain', 'markdown'", statusFormat)
 }
 
+func CustomCSS(customCSS string) error {
+	if !config.GetAccountsAllowCustomCSS() {
+		return errors.New("accounts-allow-custom-css is not enabled for this instance")
+	}
+
+	if length := len(customCSS); length > maximumCustomCSSLength {
+		return fmt.Errorf("custom_css must be less than %d characters, but submitted custom_css was %d characters", maximumCustomCSSLength, length)
+	}
+	return nil
+}
+
 // EmojiShortcode just runs the given shortcode through the regular expression
 // for emoji shortcodes, to figure out whether it's a valid shortcode, ie., 2-30 characters,
 // lowercase a-z, numbers, and underscores.