fix(core): Tighten check for company size survey answer (#10646)

packages/cli/src/controllers/__tests__/me.controller.test.ts

@@ -352,6 +352,26 @@ describe('MeController', () => {
 			);
 		});
 
+		it('should not flag XSS attempt for `<` sign in company size', async () => {
+			const req = mock<MeRequest.SurveyAnswers>();
+			req.body = {
+				version: 'v4',
+				personalization_survey_submitted_at: '2024-08-06T12:19:51.268Z',
+				personalization_survey_n8n_version: '1.0.0',
+				companySize: '<20',
+				otherCompanyIndustryExtended: ['test'],
+				automationGoalSm: ['test'],
+				usageModes: ['test'],
+				email: 'test@email.com',
+				role: 'test',
+				roleOther: 'test',
+				reportedSource: 'test',
+				reportedSourceOther: 'test',
+			};
+
+			await expect(controller.storeSurveyAnswers(req)).resolves.toEqual({ success: true });
+		});
+
 		test.each([
 			'automationGoalDevops',
 			'companyIndustryExtended',

packages/cli/src/controllers/survey-answers.dto.ts

@@ -45,7 +45,7 @@ export class PersonalizationSurveyAnswersV4 implements IPersonalizationSurveyAns
 	@IsString({ each: true })
 	otherCompanyIndustryExtended?: string[] | null;
 
-	@NoXss()
+	@IsEnum(['<20', '20-99', '100-499', '500-999', '1000+', 'personalUser'])
 	@Expose()
 	@IsOptional()
 	@IsString()

packages/cli/test/integration/me.api.test.ts

@@ -400,7 +400,7 @@ const SURVEY: IPersonalizationSurveyAnswersV4 = {
 	automationGoalDevopsOther: 'test',
 	companyIndustryExtended: ['test'],
 	otherCompanyIndustryExtended: ['test'],
-	companySize: 'test',
+	companySize: '20-99',
 	companyType: 'test',
 	automationGoalSm: ['test'],
 	automationGoalSmOther: 'test',