Project

General

Profile

Actions
Copy link

BUG #4229

open

BUG #4247: [SQA][MODULE] Agency Profile Setup

BUG #4249: [SQA]: Functional >> Agency Profile Setup

[SQA] Agency Profile: Add Project fields allow unsafe HTML/JavaScript input

Added by Aman Bhuiyan 2 months ago. Updated 29 days ago.

Status:
Complete
Priority:
High
Assignee:
Aman Bhuiyan
Target version:
sprint 04
Start date:
02/03/2026
Due date:
% Done:

100%

Estimated time:
Spent time:
1:00 h

Description

Description

Module/Section: Agency Profile → Project
Profile: Agency
Issue Category: Functional

The Add Project input fields (Project Title, Project Overview, Category) on the Agency Profile page do not sanitize user input, allowing HTML and JavaScript tags.
This creates a potential security risk and may affect data integrity.

Steps to Reproduce

  1. Navigate to the Agency Profile page.
  2. Open Projects → Add Project.
  3. Enter HTML/JS tags (e.g., <b>test</b> or <script>alert(1)</script>) in Project Title, Project Overview, or Category.
  4. Save the project.

Expected Result

The Project input fields should sanitize or reject HTML/JavaScript tags and accept only safe text input.

Actual Result

The fields accept HTML/JavaScript tags without validation, creating a security vulnerability.

Attachments

Impact Area:

Root Cause:

Additional Info

  • Tested By: Aman
Actions
Copy link

Also available in: Atom PDF