fix: sanitized inputs for people and course creation page

lms/www/courses/create.js

@@ -51,8 +51,13 @@ const create_tag = (e) => {
 	if ($(e.target).val() == "") {
 		return;
 	}
+
+	let tag_value = $(e.target)
+		.val()
+		.replace(/</g, "&lt;")
+		.replace(/>/g, "&gt;");
 	let tag = `<button class="btn btn-secondary btn-sm mr-2 text-uppercase">
-		${$(e.target).val()}
+		${tag_value}
 		<span class="btn-remove">
 			<svg class="icon  icon-sm">
 				<use class="" href="#icon-close"></use>

lms/www/people/index.js

@@ -36,7 +36,12 @@ const search = (e) => {
 				$("#load-more").removeClass("hide");
 			else $("#search-empty-state").removeClass("hide");
 
-			$(".member-parent").append(data.message.user_details);
+			let user_details = data.message.user_details;
+			user_details
+				.replace(/&/g, "&")
+				.replace(/</g, "&lt;")
+				.replace(/"/g, "&quot;");
+			$(".member-parent").append(user_details);
 			update_load_more_state(data);
 		},
 	});