Resolve #3370634 "Validate code field"

Closes #3370634

src/Form/AssetInjectorFormBase.php

@@ -324,6 +324,18 @@ class AssetInjectorFormBase extends EntityForm {
 
       $condition->validateConfigurationForm($form['conditions'][$condition_id], SubformState::createForSubform($form['conditions'][$condition_id], $form, $form_state));
     }
+
+    // Check for unexpected leading and/or trailing tags in the code field.
+    $rejectedTags = ['script', 'style'];
+    $codeValue = trim($form_state->getValue('code'));
+    // In this case we cannot simply call contains() for the check,
+    // as some JS code may have these tags inside of strings, which
+    // should not be removed.
+    foreach ($rejectedTags as $rejectedTag) {
+      if (str_starts_with($codeValue, '<' . $rejectedTag . '>') || str_ends_with($codeValue, '</' . $rejectedTag . '>')) {
+        $form_state->setErrorByName('code', $this->t('There must be no leading or trailing @tag_name tags.', ['@tag_name' => '<' . $rejectedTag . '>']));
+      }
+    }
   }
 
   /**