BUG #4194
Updated by Aman Bhuiyan 2 months ago
### Description **Module/Section:** Agency Profile → Profile Header → Add Location **Profile:** Agency **Issue Category:** UI On the **Add Location** modal in the **Profile Header** section, the **City** input field does **not sanitize user input** and accepts **invalid or unsafe characters**, including special characters or HTML/script tags. This can lead to **data integrity issues** and potential **security risks**. ### Steps to Reproduce 1. Navigate to the **Agency Profile** page. 2. Open the **Add Location** modal from the profile header section. 3. Enter **special characters or HTML/script tags** in the **City** input field. 4. Attempt to save the location. ### Expected Result The **City** input field should **sanitize input** and accept **only valid text characters**. ### Actual Result The **City** input field accepts **invalid or unsafe characters** without proper validation or sanitization. ### Attachments - [PoC](https://drive.google.com/file/d/16rGoyBUGIsvL66fOH7WA7KmKJm3zNjsR/view?usp=sharing) --- ### Impact Area: ### Root Cause: --- ### Additional Info - Tested By: Aman