From 75001b494d5d8198eab20b0cd85d5bd719448ea3 Mon Sep 17 00:00:00 2001
From: Jannat Patel
Date: Mon, 27 Oct 2025 11:36:46 +0530
Subject: [PATCH] fix: escape HTML in job form fields
---
 frontend/src/components/JobCard.vue | 2 +-
 frontend/src/pages/JobForm.vue | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/frontend/src/components/JobCard.vue b/frontend/src/components/JobCard.vue
index ce4de8a9..a910df41 100644
--- a/frontend/src/components/JobCard.vue
+++ b/frontend/src/components/JobCard.vue
@@ -3,7 +3,7 @@
 class="flex flex-col border rounded-md p-3 h-full hover:border-outline-gray-3"
 >
-
+
{{ job.company_name }}
diff --git a/frontend/src/pages/JobForm.vue b/frontend/src/pages/JobForm.vue
index d2562a57..563937bc 100644
--- a/frontend/src/pages/JobForm.vue
+++ b/frontend/src/pages/JobForm.vue
@@ -158,7 +158,7 @@ import { computed, onMounted, reactive, inject } from 'vue'
 import { FileText, X } from 'lucide-vue-next'
 import { sessionStore } from '@/stores/session'
 import { useRouter } from 'vue-router'
-import { getFileSize, validateFile } from '@/utils'
+import { escapeHTML, getFileSize, validateFile } from '@/utils'
 const user = inject('$user')
 const router = useRouter()
@@ -248,6 +248,7 @@ onMounted(() => {
 })
 const saveJob = () => {
+ validateJobFields()
 if (jobDetail.data) {
 editJobDetails()
 } else {
@@ -293,6 +294,14 @@ const editJobDetails = () => {
 )
 }
+const validateJobFields = () => {
+ Object.keys(job).forEach((key) => {
+ if (key != 'description' && typeof job[key] === 'string') {
+ job[key] = escapeHTML(job[key])
+ }
+ })
+}
+
 const saveImage = (file) => {
 job.image = file
 }
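Review bot: In `saveJob`, the added `validateJobFields()` call rewrites the reactive `job` object in place before the request goes out, so the form state itself ends up holding escaped text. If the save fails and the user submits again, or if the edit path loads already-escaped values back into `job` (not visible in this hunk), every further save escapes once more; assuming `escapeHTML` encodes ampersands, `&` would drift to `&amp;` and then `&amp;amp;`. Escaping a copy that is used only as the request payload would keep the form values intact, e.g. `const payload = { ...job }` followed by the same loop over `payload`, passed to the create and edit calls whose bodies lie outside this hunk.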
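Review bot: `validateJobFields` runs only in the browser, so it does not protect what gets stored: a request sent straight to the job endpoints never passes through it, and `description` is excluded outright. The durable control is on the server and at the render site, meaning the backend should validate or sanitize these fields (including `description` if it is ever rendered as HTML, which this hunk does not show) and the templates should output them through text interpolation rather than raw HTML. The name also reads as a check although the function mutates `job`; something like `escapeJobFields` with a one-line comment such as `// description is rich text and is sanitized separately` (if that is the case) would be clearer. `key != 'description'` should be `key !== 'description'`.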