Merge pull request #163 from EETagent/dompurify_improvements

(frontend) sanitize grades too

frontend/src/lib/@api/candidate.ts

@@ -1,10 +1,5 @@
 import axios, { type AxiosProgressEvent } from 'axios';
-import type {
-	BaseCandidate,
-	CandidateData,
-	CandidateLogin,
-	CreateCandidate
-} from '$lib/stores/candidate';
+import type { BaseCandidate, CandidateData, CandidateLogin } from '$lib/stores/candidate';
 import type { SubmissionProgress } from '$lib/stores/portfolio';
 import { API_URL, errorHandler, type Fetch } from '.';
 import DOMPurify from 'isomorphic-dompurify';
@@ -87,11 +82,15 @@ export const apiFillDetails = async (data: CandidateData): Promise<CandidateData
 	Object.keys(data.candidate).forEach((key) => {
 		// eslint-disable-next-line @typescript-eslint/ban-ts-comment
 		// @ts-ignore
-		if (typeof data.candidate[key] !== 'string' && typeof data.candidate[key] !== 'number') return;
+		if (typeof data.candidate[key] !== 'string') return;
 		// eslint-disable-next-line @typescript-eslint/ban-ts-comment
 		// @ts-ignore
 		data.candidate[key] = DOMPurify.sanitize(data.candidate[key]);
 	});
+	// Sanitize grades data
+	for (let index = 0; index < data.candidate.grades.length; index++) {
+		data.candidate.grades[index].subject = DOMPurify.sanitize(data.candidate.grades[index].subject);
+	}
 	// Sanitize parents data
 	for (let index = 0; index < data.parents.length; index++) {
 		Object.keys(data.parents[index]).forEach((key) => {