Forum brand-color preview hardcodes white text, becomes invisible when a light brand color is chosen

Area: Forums (re-run) (audit p2r) · Surface: /forums/{slug}/settings — branding tab (ForumSettingsController@show) · Dimension: Law 3 — contrast · Severity: minor

The branding tab shows a live preview chip and button that always use white text over the moderator-chosen brand color. The color picker has no lightness guard, so choosing a light brand color makes the preview text invisible — which is exactly the surface meant to show the moderator what their choice will look like.

Evidence

platform/templates/forums/settings.php:416 `.fs-brand-chip{...color:#fff;...background:var(--_fs-brand,#5f86ff)}` and :417 `.fs-brand-button{...color:#fff;...background:var(--_fs-brand,#5f86ff);...}`. `--_fs-brand` is set live from a free `input[type=color]` value with no lightness constraint (settings.php:521-527, `paint()` does `el.style.setProperty('--_fs-brand', c)`). Picking white/gold/light-gray as the forum brand color yields white text on a light fill.

Suggested fix. Compute a contrasting foreground for the preview (e.g. pick black or white based on the brand color's luminance in the paint() handler) instead of hardcoding white, or constrain the color input to colors with sufficient contrast against white.

Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.