fix: escape HTML in job form fields

2025-10-27 11:36:46 +05:30
parent 8749e21744
commit 75001b494d
2 changed files with 11 additions and 2 deletions
--- a/frontend/src/pages/JobForm.vue
+++ b/frontend/src/pages/JobForm.vue
@@ -158,7 +158,7 @@ import { computed, onMounted, reactive, inject } from 'vue'
 import { FileText, X } from 'lucide-vue-next'
 import { sessionStore } from '@/stores/session'
 import { useRouter } from 'vue-router'
-import { getFileSize, validateFile } from '@/utils'
+import { escapeHTML, getFileSize, validateFile } from '@/utils'

 const user = inject('$user')
 const router = useRouter()
@@ -248,6 +248,7 @@ onMounted(() => {
 })

 const saveJob = () => {
+	validateJobFields()
 	if (jobDetail.data) {
 		editJobDetails()
 	} else {
@@ -293,6 +294,14 @@ const editJobDetails = () => {
 	)
 }

+const validateJobFields = () => {
+	Object.keys(job).forEach((key) => {
+		if (key != 'description' && typeof job[key] === 'string') {
+			job[key] = escapeHTML(job[key])
+		}
+	})
+}
+
 const saveImage = (file) => {
 	job.image = file
 }