--- a/app/code/DCKAP/OrderApproval/view/frontend/templates/MyAccount/submitted_orders.phtml	2025-11-18 14:16:52.399239600 +0530
+++ b/app/code/DCKAP/OrderApproval/view/frontend/templates/MyAccount/submitted_orders_modified.phtml	2025-11-18 14:19:16.920361625 +0530
@@ -7,12 +7,12 @@
 if ($DataHelper->checkApprovalFunctionalityStatus()) {
 $intDefaultShipTo = 999999999;
 $_orders = $block->getOrders();
-$arrPostParams = $this->getRequest()->getParams();
+$arrPostParams = array_map([$block, 'escapeHtml'], $this->getRequest()->getParams());
 $arrCustomerShipToAddress = $block->getCustomerShipToAddresses();
 $arrShipToAddressAndNumbers = $DataHelper->getShiptoItems();
 $strDefaultStartDate = date('Y-m-d', strtotime('-90 day'));
 $strDefaultEndDate = date('Y-m-d');
-$params = $this->getRequest()->getParams();
+$params = $arrPostParams;
 $date_now = date("Y-m-d"); // this format is string comparable
 
 $startDateDisplay = (isset($params['startDate'])) ? $params['startDate'] : date('m/d/y', strtotime('-90 day'));
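Review bot: Escaping every request parameter as it is read (`array_map([$block, 'escapeHtml'], ...)` on the `$arrPostParams` line) applies an HTML encoder before the output context is known, so `$arrPostParams` and `$params` now carry HTML-encoded text into any non-HTML use such as date handling or comparisons. It also causes repeated encoding later in this file: the second hunk runs `escapeHtml` again on `startDate`/`endDate` and then `escapeHtmlAttr` at the two `value` attributes. I would keep the raw values here, validate the ones that are actually used, and escape once at each output point with the escaper for that context. Any other place in the template that prints `$params` values (outside this hunk) would then need its own escaper call, so that should be checked before dropping the blanket `array_map`.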
@@ -53,19 +53,19 @@
         $arrSortOrderData = ["created_at" => "Date","entity_id" => "Reference #", "ship_to_number" => "Ship To"];
 
         if (true == is_array($arrPostParams) && !empty($arrPostParams) && true == array_key_exists('startDate', $arrPostParams) && true == array_key_exists('endDate', $arrPostParams)) {
-            $strStartDate = $arrPostParams['startDate'];
-            $strEndDate = $arrPostParams['endDate'];
+            $strStartDate = $block->escapeHtml($arrPostParams['startDate']);
+            $strEndDate = $block->escapeHtml($arrPostParams['endDate']);
         }
         ?>
         <div class="submitted_order_filter">
             <div class="col-md-12 col-sm-12">
                 <div class="start_date-filter">
                     <label for="start_date">Start Date</label>
-                    <input type="date" class="start_date date-picker"  value="<?php echo $strStartDate ?? $strDefaultStartDate; ?>" name="start_date"/>
+                    <input type="date" class="start_date date-picker"  value="<?php echo $block->escapeHtmlAttr($strStartDate ?? $strDefaultStartDate); ?>" name="start_date"/>
                 </div>
                 <div class="end_date-filter">
                     <label for="end_date">End Date</label>
-                    <input type="date" class="end_date date-picker" name="end_date" Value="<?php echo $strEndDate ?? $strDefaultEndDate; ?>"/>
+                    <input type="date" class="end_date date-picker" name="end_date" Value="<?php echo $block->escapeHtmlAttr($strEndDate ?? $strDefaultEndDate); ?>"/>
                 </div>
                 <button class="action primary sort-by-date">Search</button>
                 <button class="action primary" onclick="location.href='<?php echo $block->getSubmittedOrdersListUrl(); ?>'">Reset Filter
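Review bot: `startDate` and `endDate` are still accepted as arbitrary strings at the `$strStartDate`/`$strEndDate` assignments, although they feed `<input type="date">`, which only accepts `Y-m-d`; encoding is not validation. Parsing them, for example with `\DateTime::createFromFormat('Y-m-d', ...)`, and falling back to `$strDefaultStartDate`/`$strDefaultEndDate` on failure would make the `escapeHtml` calls here unnecessary and leave `escapeHtmlAttr` at the `value` attributes as the single output encoder. Separately, the unchanged Reset Filter button still echoes `getSubmittedOrdersListUrl()` raw into a JavaScript string inside `onclick`; if that URL can carry request-derived parts it should go through `escapeJs` and `escapeHtmlAttr`, or the handler should move out of the attribute.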
--- a/app/code/DCKAP/Shoppinglist/view/frontend/web/js/shopping-list-search.js	2025-10-30 14:46:29.613977934 +0530
+++ b/app/code/DCKAP/Shoppinglist/view/frontend/web/js/shopping-list-search-modified.js	2025-11-18 11:36:15.985727100 +0530
@@ -356,7 +356,8 @@
                                     var optionproductid = $(e.currentTarget).find('.productid-search-list').text();
 
                                      if (optiontext_name == 'No matches found') {
-                                          return false;
+                                          e.preventDefault();
+                                            return;
                                       }
 
                                       var ac_element = $(this);
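Review bot: Replacing `return false` with `e.preventDefault()` changes more than the default action if this is a jQuery handler, as the `$(e.currentTarget)` and chained `.on(...)` calls suggest: `return false` there also stops propagation, and the new code lets the event bubble to any ancestor handler. The same applies to the `return false` replaced near line 372 in the next hunk. If the bubbling is not intended, add `e.stopPropagation();` next to each `e.preventDefault();`; if it is, a short comment saying so would help. The new `return;` line is also indented two columns deeper than the statement above it. The handler starts and ends outside both hunks.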
@@ -371,7 +372,7 @@
                                       this.submitBtn.disabled = true;
                                       $('#submitsearchbutton').hide();
 
-                                      return false;
+                                      e.preventDefault();
                                 }.bind(this))
                                 .on('mouseenter mouseleave', function (e) {
                                     this.responseList.indexList.removeClass(this.options.selectClass);
--- a/app/code/DCKAP/Shoppinglist/view/frontend/templates/shoppinglist.phtml	2025-10-30 14:46:35.176868444 +0530
+++ b/app/code/DCKAP/Shoppinglist/view/frontend/templates/shoppinglistModified.phtml	2025-11-18 11:36:54.169538600 +0530
@@ -103,8 +103,8 @@
           $productCollection = $block->getShoppinglistProductCollection($shopping_list_id);
           $productsCount = $productCollection->getSize();
           //Getting page and limit parameters
-          $page = ($this->getRequest()->getParam('p')) ? $this->getRequest()->getParam('p') : 1;
-          $pageSize = ($this->getRequest()->getParam('limit')) ? $this->getRequest()->getParam('limit') : 10;
+          $page = ($this->getRequest()->getParam('p')) ? $block->escapeHtml($this->getRequest()->getParam('p')) : 1;
+          $pageSize = ($this->getRequest()->getParam('limit')) ? $block->escapeHtml($this->getRequest()->getParam('limit')) : 10;
           if (!empty($productCollection)):
 
               /** When Shopping product list is empty (means count is zero)
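Review bot: `p` and `limit` are pagination numbers, but the new `$page`/`$pageSize` lines only HTML-encode them, so a non-numeric, negative or very large value still passes through as a string. These presumably drive collection paging further down (outside this hunk), where an unbounded `limit` would let a single request ask for an arbitrarily large page. Casting and clamping removes the need for an encoder at all: `$page = max(1, (int) $this->getRequest()->getParam('p', 1));` and `$pageSize = min(MAX_PAGE_SIZE, max(1, (int) $this->getRequest()->getParam('limit', 10)));`, where `MAX_PAGE_SIZE` is a placeholder for whatever cap the module chooses. Note that this form turns `limit=0` into 1 rather than the current default of 10, so adjust the fallback if that matters.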
@@ -314,7 +314,7 @@
 
           if (productsCount > 0){
               var allowonaccount = $('#allow_on_account').val();
-          var page = "<?= $page; ?>";
+          var page = "<?= $block->escapeJs($page); ?>";
           var pagesize = "<?= $pageSize; ?>";
           $.ajax({
               url: customurl,
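Review bot: `pagesize` on the line directly below the changed one is still printed without `escapeJs`, although `$pageSize` comes from the `limit` request parameter in the same way `$page` comes from `p`, and the HTML encoding applied where it is read is not the right encoder for a JavaScript string literal. Treat it the same as `page`: `var pagesize = "<?= $block->escapeJs($pageSize); ?>";`. With the HTML encoding at the assignment kept, `page` is now encoded twice (HTML, then JS); once both values are integers upstream neither encoder is needed and `<?= (int) $page ?>` would be enough, provided the script does not depend on them being strings. The surrounding script block starts and ends outside the hunk.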
