BUG #4186

open

BUG #4247: [SQA][MODULE] Agency Profile Setup

BUG #4249: [SQA]: Functional >> Agency Profile Setup

[SQA] Agency Profile: Edit Agency Tagline field allows HTML/script injection

Added by Aman Bhuiyan 2 months ago. Updated 30 days ago.

Status: Complete
Priority: High
Target version:
Start date: 02/03/2026
Due date:
% Done: 100%
Estimated time:
Spent time:

Description

Module/Section: Agency Profile → Edit Agency Tagline
Profile: Agency
Issue Category: Functional

On the Edit Agency Tagline modal, the tagline input field does not sanitize user input and allows HTML or script tags to be entered and saved.
This behavior poses potential security, data integrity, and content rendering risks.

Steps to Reproduce

  1. Navigate to the Agency Profile page.
  2. Click on the Edit Agency Tagline icon.
  3. Enter HTML or script tags in the tagline input field
    (e.g., <script>alert(1)</script> or <b>test</b>).
  4. Save the changes.

Expected Result

  1. The input field should sanitize or reject HTML/script tags.
  2. Only plain text should be accepted, with proper validation and encoding to prevent security issues.

Actual Result

The tagline input field accepts and saves HTML/script tags without sanitization.

Attachments


Impact Area:

Root Cause:


Additional Info

  • Tested By: Aman
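
One way to implement the Expected Result above (reject markup on save, encode on render), added here as an example and not taken from the project's code. The function names, the 120-character limit and the `agency-tagline` class are assumptions.

```javascript
// Added example, not the project's code. Names and limits are assumptions.
const MAX_TAGLINE_LENGTH = 120; // assumed limit; use the product's real one

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Server-side check run when the Edit Agency Tagline modal is saved.
// Returns { ok: true, value } or { ok: false, error }.
function validateTagline(raw) {
  if (typeof raw !== 'string') {
    return { ok: false, error: 'Tagline must be text.' };
  }
  // NFKC folds look-alikes such as fullwidth U+FF1C to "<" before the checks run.
  const value = raw.normalize('NFKC').trim();
  if ([...value].length > MAX_TAGLINE_LENGTH) {
    return { ok: false, error: `Tagline is limited to ${MAX_TAGLINE_LENGTH} characters.` };
  }
  // Control characters (NUL, newlines, tabs) have no place in a one-line tagline.
  if (/[\u0000-\u001f\u007f]/.test(value)) {
    return { ok: false, error: 'Tagline contains control characters.' };
  }
  // Plain text only: refuse angle brackets outright rather than try to strip tags.
  if (/[<>]/.test(value)) {
    return { ok: false, error: 'HTML is not allowed in the tagline.' };
  }
  return { ok: true, value };
}

// Render path: always encode, so values stored before the fix stay inert too.
function renderTagline(stored) {
  return `<p class="agency-tagline">${escapeHtml(stored)}</p>`;
}
```

Validation belongs on the server as well as in the modal, and the render-time encoding is what neutralizes taglines that were saved before the check existed.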