Overview
Highlights
- Complex form UX: designed and implemented multi-step loan processing forms with careful attention to usability, validation feedback, and error recovery.
- Bulk upload validation: optimized client-side validation for large approval datasets in loan workflows, keeping the UI responsive under high data volumes.
- Performance focus: tuned rendering and state management so operators could work through high volumes of applications without friction.
Technologies
- Framework: Vue 3, TypeScript
- Build: Webpack
Security & best practices
- Defense in depth on validation: client-side validation for UX, server-side validation as the real security boundary — the client was never trusted to enforce business rules on its own.
- Safe rendering: user-provided text rendered through the framework's default escaping; raw HTML output avoided outside explicitly reviewed cases to prevent XSS.
- Bulk upload hardening: uploaded data validated for schema, size limits, and content type on both client and server; malformed rows rejected with clear errors rather than silently dropped.
- PII handling: applicant data kept out of logs, error trackers, and URL parameters; sensitive fields masked by default and revealed only on explicit action.
- Session & CSRF protection: standard protections applied for mutating requests; session timeouts and re-authentication scoped to the sensitivity of each operation.
- Static code scanning: automated scanning integrated into CI to catch security issues and unsafe patterns before merge.
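
A sketch of the server-side half of the bulk upload hardening item above, as an added example that is not code from the project: file-level checks (content type, size, header) refuse the whole upload, and every malformed row is reported by number instead of being dropped. The column names, limits, ID format, and CSV dialect (no quoted fields) are assumptions.

```typescript
// Added example. Column names, limits and the CSV dialect (no quoted fields) are assumptions.
type Decision = "approve" | "reject";
type Row = { applicantId: string; amount: number; decision: Decision };
type RowError = { row: number; field: string; message: string };
type UploadResult = { accepted: Row[]; errors: RowError[] };

const MAX_CHARS = 1000000; // assumed size cap, checked before any parsing
const MAX_ROWS = 5000; // assumed row cap
const ALLOWED_TYPES = ["text/csv"];
const HEADER = "applicantId,amount,decision";
// Constructed sample: one valid row, four malformed ones.
const SAMPLE = [HEADER, "AB12345,2500.00,approve", "AB12346,-5,approve",
  "AB12347,100,maybe", "AB12348,100", "ab!,abc,approve"].join("\n");

function validateUpload(contentType: string, body: string): UploadResult {
  const fileError = (message: string): UploadResult =>
    ({ accepted: [], errors: [{ row: 0, field: "file", message }] });
  // File-level checks: the whole upload is refused if any of these fail.
  const mime = (contentType.split(";")[0] ?? "").trim().toLowerCase();
  if (!ALLOWED_TYPES.includes(mime)) return fileError("unsupported content type");
  if (body.length > MAX_CHARS) return fileError("file exceeds size limit");
  const lines = body.split(/\r?\n/).filter((l) => l.trim() !== "");
  if (lines[0] !== HEADER) return fileError("unexpected header");
  if (lines.length - 1 > MAX_ROWS) return fileError("too many rows");

  const accepted: Row[] = [];
  const errors: RowError[] = [];
  lines.slice(1).forEach((line, i) => {
    const row = i + 1; // 1-based data row number shown to the operator
    const cols = line.split(",").map((c) => c.trim());
    if (cols.length !== 3) {
      errors.push({ row, field: "row", message: `expected 3 columns, got ${cols.length}` });
      return;
    }
    const [id = "", amount = "", decision = ""] = cols;
    const before = errors.length;
    // Messages name the field and rule but never echo the value.
    if (!/^[A-Z0-9]{6,12}$/.test(id))
      errors.push({ row, field: "applicantId", message: "must be 6-12 chars, A-Z or 0-9" });
    if (!/^\d{1,9}(\.\d{1,2})?$/.test(amount) || Number(amount) <= 0)
      errors.push({ row, field: "amount", message: "must be positive, at most 2 decimals" });
    const d = decision === "approve" || decision === "reject" ? decision : null;
    if (d === null) errors.push({ row, field: "decision", message: "must be approve or reject" });
    else if (errors.length === before) accepted.push({ applicantId: id, amount: Number(amount), decision: d });
  });
  return { accepted, errors };
}
```

Accepted rows plus distinct rejected row numbers always equals the number of data rows, so nothing disappears without an error the operator can act on.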