diff --git a/frappe/public/js/frappe/ui/toolbar/awesome_bar.js b/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
index 7e8b325df8..afcbd0d82a 100644
--- a/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
+++ b/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
@@ -66,6 +66,7 @@ frappe.search.AwesomeBar = class AwesomeBar {
 "input",
 frappe.utils.debounce(function (e) {
 var value = e.target.value;
+ value = frappe.utils.xss_sanitise(value);
 var txt = value.trim().replace(/\s\s+/g, " ");
 var last_space = txt.lastIndexOf(" ");
 me.global_results = [];
```
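Review bot: Sanitising `value` at the top of the input handler fixes the symptom at the source of the data rather than at the sink. Everything derived from it (`txt`, and presumably the search queries and result labels built later in this callback, which continues outside the hunk) now works on a rewritten string instead of what the user typed. If `xss_sanitise` escapes or strips characters such as `<`, `&` or quotes, a legitimate search containing them may stop matching, and any renderer that already escapes will double-encode the term. Any other path that feeds text into the result list without passing through this handler would also stay unprotected. The more durable fix is to keep `value` raw for matching and to escape where result items are inserted into the DOM. If the input-side call stays as defence in depth, it should carry a comment, for example `// results built from txt are rendered as HTML further down; keep this until the render path escapes its own output`.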