fix: escape HTML in forms

frontend/src/pages/Programs/ProgramForm.vue

@@ -255,7 +255,7 @@ import {
 import { computed, ref, watch } from 'vue'
 import { Plus, Trash2, TrendingUp } from 'lucide-vue-next'
 import { Programs, Program } from '@/types/programs'
-import { openSettings } from '@/utils'
+import { escapeHTML, openSettings } from '@/utils'
 import Link from '@/components/Controls/Link.vue'
 import Draggable from 'vuedraggable'
 import ProgramProgressSummary from '@/pages/Programs/ProgramProgressSummary.vue'
@@ -362,7 +362,12 @@ const fetchMembers = () => {
 	programMembers.reload()
 }
 
+const validateTitle = () => {
+	program.value.name = escapeHTML(program.value.name.trim())
+}
+
 const saveProgram = (close: () => void) => {
+	validateTitle()
 	if (props.programName === 'new') createNewProgram(close)
 	else updateProgram(close)
 	dirty.value = false