BUG #4208
Updated by Aman Bhuiyan 2 months ago
### Description

**Module/Section:** Agency Profile → Edit Agency Legal Name

**Profile:** Agency

**Issue Category:** Functional

On the **Edit Agency Legal Name** modal, the **Legal Name input field lacks proper input sanitization**. Entering **malicious HTML or script tags** results in an **unexpected or abnormal popup**, indicating unsafe input is not being handled correctly. This behavior poses potential **security** and **stability** risks.

### Steps to Reproduce

1. Navigate to the **Agency Profile** page.
2. Open the **Edit Agency Legal Name** option.
3. Enter malicious input such as `<script>alert(1)</script>` in the input field.
4. Attempt to save the changes.
5. Observe the popup behavior.

### Expected Result

The **Agency Legal Name** field should:

- **Sanitize or reject unsafe input**
- Prevent submission of HTML/script tags
- **Avoid triggering abnormal popups**

### Actual Result

- The field accepts **unsafe input**
- An **unexpected popup** appears when saving, indicating improper input handling

### Attachments

- [PoC](https://drive.google.com/file/d/160uIvun6_77PI6cvsEGnl4Ch6G6BP93F/view?usp=sharing)

---

### Impact Area:

### Root Cause:

---

### Additional Info

- Tested By: Aman
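
One way to meet the Expected Result above, shown as an added example that is not the application's own code: reject markup when the legal name is saved (enforced server-side) and HTML-encode the value wherever it is rendered. The function names, the 200-character limit, the allowed character set and the confirmation markup are assumptions.

```javascript
// Added example; names, limit and allowed characters are assumptions,
// not taken from the application.
const MAX_LEN = 200;
// Letters, combining marks, digits, spaces and punctuation common in legal names.
const ALLOWED = /^[\p{L}\p{M}\p{N} .,'&()\/\-]+$/u;

// Validation on save: returns { ok, value } or { ok: false, reason }.
function validateLegalName(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  // Normalize first so fullwidth look-alikes of < and > fold to ASCII
  // before the allowlist check, then collapse runs of whitespace.
  const name = raw.normalize("NFKC").trim().replace(/\s+/g, " ");
  if (name.length === 0) return { ok: false, reason: "empty" };
  if (name.length > MAX_LEN) return { ok: false, reason: "too long" };
  if (!ALLOWED.test(name)) return { ok: false, reason: "disallowed character" };
  return { ok: true, value: name };
}

// Output encoding: applied every time the stored name is placed into HTML,
// so a value that bypassed validation is still displayed as text.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical confirmation popup body built from the saved name.
function renderConfirmation(name) {
  return `<p class="confirm">Legal name updated to: ${escapeHtml(name)}</p>`;
}
```
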