diff --git a/app/routes/contributions.js b/app/routes/contributions.js
index 7f68170b94..21f7fd25c6 100644
--- a/app/routes/contributions.js
+++ b/app/routes/contributions.js
@@ -29,7 +29,19 @@ function ContributionsHandler(db) {
 
         /*jslint evil: true */
         // Insecure use of eval() to parse inputs
-        const preTax = eval(req.body.preTax);
+const preTax = parseFloat(req.body.preTax);
+const preTax = parseFloat(req.body.preTax);
+const preTax = parseFloat(req.body.preTax);
+const afterTax = parseFloat(req.body.afterTax);
+const roth = parseFloat(req.body.roth);
+const afterTax = parseFloat(req.body.afterTax);
+const roth = parseFloat(req.body.roth);
+const roth = parseFloat(req.body.roth);
+const afterTax = parseFloat(req.body.afterTax);
+const roth = parseFloat(req.body.roth);
+const roth = parseFloat(req.body.roth);
+const afterTax = parseFloat(req.body.afterTax);
+const roth = parseFloat(req.body.roth);
         const afterTax = eval(req.body.afterTax);
         const roth = eval(req.body.roth);
 
diff --git a/app/routes/index.js b/app/routes/index.js
index a9e55426bf..8bde3556ad 100644
--- a/app/routes/index.js
+++ b/app/routes/index.js
@@ -69,7 +69,20 @@ const index = (app, db) => {
     // Handle redirect for learning resources link
     app.get("/learn", isLoggedIn, (req, res) => {
         // Insecure way to handle redirects by taking redirect url from query string
-        return res.redirect(req.query.url);
+const allowedUrls = [
+    'https://example.com/learn',
+    'https://example.com/docs',
+    // Add more allowed URLs as needed
+];
+
+app.get("/learn", isLoggedIn, (req, res) => {
+    const redirectUrl = req.query.url;
+    if (allowedUrls.includes(redirectUrl)) {
+        return res.redirect(redirectUrl);
+    } else {
+        return res.status(400).send('Invalid redirect URL');
+    }
+});
     });
 
     // Research Page
diff --git a/app/views/benefits.html b/app/views/benefits.html
index 40e9b45bee..7356c42ef4 100644
--- a/app/views/benefits.html
+++ b/app/views/benefits.html
@@ -51,7 +51,21 @@
                         <td>{{user.firstName}}</td>
                         <td>{{user.lastName}}</td>
                         <td>
-                            <form method="POST" action="/benefits">
+<td>{{user.lastName}}</td>
+<td>
+    <form method="POST" action="/benefits">
+        {% csrf_token %}
+        <div class="input-group">
+            <input type="hidden" name="userId" value="{{user._id.toString()}}"></input>
+            <input type="date" class="form-control" name="benefitStartDate" value="{{user.benefitStartDate}}"></input>
+            <span class="input-group-btn">
+                <button type="submit" class="btn btn-default">Save</button>
+            </span>
+        </div>
+        <!-- /input-group -->
+    </form>
+</td>
+</tr>
                                 <div class="input-group">
                                     <input type="hidden" name="userId" value="{{user._id.toString()}}"></input>
                                     <input type="date" class="form-control" name="benefitStartDate" value="{{user.benefitStartDate}}"></input>
diff --git a/app/views/login.html b/app/views/login.html
index 8fb9462f59..58d2e928a0 100644
--- a/app/views/login.html
+++ b/app/views/login.html
@@ -104,7 +104,27 @@
 
 
 
-                            <form method="post" role="form" method="post" id="loginform">
+<form method="post" role="form" id="loginform">
+    {% csrf_token %}
+    <div class="form-group">
+        <label for="userName">User Name</label>
+        <input type="text" class="form-control" id="userName" name="userName" value="{{userName}}" placeholder="Enter User Name">
+    </div>
+
+    <div class="form-group">
+        <label for="password">Password</label>
+        <input type="password" class="form-control" id="password" name="password" value="{{password}}" placeholder="Enter Password">
+    </div>
+
+    <div class="row">
+        <div class="col-lg-4"><a href="/signup">New user? Sign Up</a>
+        </div>
+        <div class="col-lg-5"></div>
+        <div class="col-lg-3">
+            <button type="submit" class="btn btn-danger">Submit</button>
+        </div>
+    </div>
+</form>
                                 <div class="form-group">
                                     <label for="userName">User Name</label>
                                     <input type="text" class="form-control" id="userName" name="userName" value="{{userName}}" placeholder="Enter User Name">
diff --git a/app/views/memos.html b/app/views/memos.html
index 5aa0527b15..f3606a51b9 100644
--- a/app/views/memos.html
+++ b/app/views/memos.html
@@ -12,7 +12,20 @@ <h3 class="panel-title">
 
             <div class="panel-body">
 
-                <form action="/memos" method="post" role="search">
+<div class="panel-body">
+
+    <form action="/memos" method="post" role="search">
+        {% csrf_token %}
+
+        <div class="form-group">
+            <textarea class="form-control" name="memo"></textarea>
+            <p class="help-block">You may use Markdown syntax to format your memo</p>
+        </div>
+
+        <button type="submit" class="btn btn-primary">Submit</button>
+    </form>
+
+</div>
 
                     <div class="form-group">
                         <textarea class="form-control" name="memo"></textarea>