From 10553f80ef7cd81647e5cf29b318e4ee6d7199d3 Mon Sep 17 00:00:00 2001
From: AarDG10 <aarol.dsouza@gmail.com>
Date: Fri, 10 Apr 2026 16:55:25 +0530
Subject: [PATCH] fix(note): force sanitization in notes

---
 frappe/desk/doctype/note/note.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frappe/desk/doctype/note/note.py b/frappe/desk/doctype/note/note.py
index 8623beceb7..179994e5a7 100644
--- a/frappe/desk/doctype/note/note.py
+++ b/frappe/desk/doctype/note/note.py
@@ -36,6 +36,7 @@ class Note(Document):
 
 		if not self.content:
 			self.content = "<span></span>"
+		self.content = frappe.utils.sanitize_html(self.content, always_sanitize=True)
 
 	def before_print(self, settings=None):
 		self.print_heading = self.name