diff --git a/frappe/public/js/frappe/data_import/import_preview.js b/frappe/public/js/frappe/data_import/import_preview.js
index 58b0cdb5c2..9d9a24d4a9 100644
--- a/frappe/public/js/frappe/data_import/import_preview.js
+++ b/frappe/public/js/frappe/data_import/import_preview.js
@@ -120,6 +120,10 @@ frappe.data_import.ImportPreview = class ImportPreview {
 				if (cell == null) {
 					return "";
 				}
+
+				if (typeof cell === "string") {
+					cell = frappe.utils.xss_sanitise(cell);
+				}
 				return cell;
 			});
 		});