From 2a5b9e45d137657490f86989ebdc2551a71cc2fc Mon Sep 17 00:00:00 2001
From: Akhil Narang <me@akhilnarang.dev>
Date: Mon, 3 Mar 2025 17:13:42 +0530
Subject: [PATCH] fix(import_preview): sanitize preview data

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---
 frappe/public/js/frappe/data_import/import_preview.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/frappe/public/js/frappe/data_import/import_preview.js b/frappe/public/js/frappe/data_import/import_preview.js
index 58b0cdb5c2..9d9a24d4a9 100644
--- a/frappe/public/js/frappe/data_import/import_preview.js
+++ b/frappe/public/js/frappe/data_import/import_preview.js
@@ -120,6 +120,10 @@ frappe.data_import.ImportPreview = class ImportPreview {
 				if (cell == null) {
 					return "";
 				}
+
+				if (typeof cell === "string") {
+					cell = frappe.utils.xss_sanitise(cell);
+				}
 				return cell;
 			});
 		});