BUG #4186
Updated by Aman Bhuiyan 2 months ago
### Description
**Module/Section:** Agency Profile → Edit Agency Tagline
**Profile:** Agency
**Issue Category:** Functional
On the **Edit Agency Tagline** modal, the **tagline input field does not sanitize user input** and allows **HTML or script tags** to be entered and saved.
This behavior poses potential **security**, **data integrity**, and **content rendering** risks.
### Steps to Reproduce
1. Navigate to the **Agency Profile** page.
2. Click on the **Edit Agency Tagline** icon.
3. Enter HTML or script tags in the tagline input field (e.g., `<script>alert(1)</script>` or `<b>test</b>`).
4. Save the changes.
### Expected Result
1. The input field should **sanitize or reject HTML/script tags**.
2. Only **plain text** should be accepted, with proper validation and encoding to prevent security issues.
### Actual Result
The **tagline input field accepts and saves HTML/script tags** without sanitization.
### Attachments
- [PoC](https://drive.google.com/file/d/1X3oQMKr0Q0wQhs6o4rsF9L3g2SerUho0/view?usp=sharing)
---
### Impact Area:
### Root Cause:
---
### Additional Info
- Tested By: Aman
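
One way to implement the handling described under **Expected Result**, as an added example that is not part of the original ticket or the application's code: the tagline is validated as plain text on save and HTML-encoded when rendered. The function names `validateTagline` and `encodeForHtml` and the 120-character limit are assumptions made for illustration.

```javascript
// Added example: server-side handling for the agency tagline field.
// MAX_TAGLINE_LENGTH and both function names are assumptions, not from the ticket.
const MAX_TAGLINE_LENGTH = 120;

// Validate on save: accept plain text only and reject anything that looks like markup.
function validateTagline(input) {
  if (typeof input !== "string") return { ok: false, reason: "not-a-string" };
  // NFKC folds full-width look-alikes such as U+FF1C into ASCII "<" before the check.
  const text = input.normalize("NFKC").trim();
  if (text.length === 0) return { ok: false, reason: "empty" };
  if ([...text].length > MAX_TAGLINE_LENGTH) return { ok: false, reason: "too-long" };
  // Control characters (including newlines) do not belong in a one-line tagline.
  if (/[\u0000-\u001f\u007f]/.test(text)) return { ok: false, reason: "control-char" };
  // Tag-like sequences: "<" directly followed by a letter, "/", "!" or "?".
  if (/<[a-zA-Z\/!?]/.test(text)) return { ok: false, reason: "markup" };
  return { ok: true, value: text };
}

// Encode on output: stored text is still treated as untrusted when it is
// written into an HTML page, so every HTML-significant character is escaped.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeForHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
```

The validation must run on the server, since a check that exists only in the modal's client-side code can be bypassed by sending the save request directly.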