Here is an example, how to prevent cross side scripting for the firstname & lastname input fields. If any one have the solution please advise.
mutation{
createCompanyUser (
input: { email: "[email protected]"
firstname: " id=X tabindex=1 onfoucs=alert(document.domain)></script>"
lastname: "demo'??>'><<"
job_title: "Developer"
role_id : "MTY2"
role_name: "Basic User"
status : ACTIVE
telephone : "3324545676"
country_code: "+1"
company_ids : "133"
}
) {
user {
created_at
email
}
}}