diff --git a/src/app/components/ResumeForm/Form/InputGroup.tsx b/src/app/components/ResumeForm/Form/InputGroup.tsx
index 8f73b99..237ee7a 100644
--- a/src/app/components/ResumeForm/Form/InputGroup.tsx
+++ b/src/app/components/ResumeForm/Form/InputGroup.tsx
@@ -179,9 +179,27 @@ const getHTMLFromBulletListStrings = (bulletListStrings: string[]) => {
     return "<div></div>";
   }
 
-  return bulletListStrings.map((text) => `<div>${text}</div>`).join("");
+  return bulletListStrings
+    .map((text) => `<div>${escapeHtml(text)}</div>`)
+    .join("");
 };
 
+const escapeHtml = (value: string) =>
+  value.replace(/[&<>"]/g, (char) => {
+    switch (char) {
+      case "&":
+        return "&amp;";
+      case "<":
+        return "&lt;";
+      case ">":
+        return "&gt;";
+      case '"':
+        return "&quot;";
+      default:
+        return char;
+    }
+  });
+
 /**
  * BulletListTextareaFallback is a fallback for BulletListTextareaGeneral to work around
  * content editable div issue in some browsers. For example, in Firefox, if user enters
diff --git a/src/app/lib/parse-resume-from-pdf/read-pdf.ts b/src/app/lib/parse-resume-from-pdf/read-pdf.ts
index 12167f5..b5a4f8e 100644
--- a/src/app/lib/parse-resume-from-pdf/read-pdf.ts
+++ b/src/app/lib/parse-resume-from-pdf/read-pdf.ts
@@ -54,7 +54,7 @@ export const readPdf = async (fileUrl: string): Promise<TextItems> => {
       // since non system font name by default is a loaded name, e.g. "g_d8_f1"
       // Reference: https://github.com/mozilla/pdf.js/pull/15659
       const fontObj = commonObjs.get(pdfFontName);
-      const fontName = fontObj.name;
+      const fontName = fontObj?.name ?? pdfFontName ?? "Unknown";
 
       // pdfjs reads a "-" as "-­‐" in the resume example. This is to revert it.
       // Note "-­‐" is "-&#x00AD;‐" with a soft hyphen in between. It is not the same as "--"