From 4a8391a6fcd6bc41de488f5e7d73446deb403bc0 Mon Sep 17 00:00:00 2001
From: sokumon
Date: Mon, 6 Oct 2025 17:01:30 +0530
Subject: [PATCH] fix(xss): sanitize on input itself

---
 frappe/public/js/frappe/ui/toolbar/awesome_bar.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frappe/public/js/frappe/ui/toolbar/awesome_bar.js b/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
index 7e8b325df8..afcbd0d82a 100644
--- a/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
+++ b/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
@@ -66,6 +66,7 @@ frappe.search.AwesomeBar = class AwesomeBar {
 "input",
 frappe.utils.debounce(function (e) {
 var value = e.target.value;
+ value = frappe.utils.xss_sanitise(value);
 var txt = value.trim().replace(/\s\s+/g, " ");
 var last_space = txt.lastIndexOf(" ");
 me.global_results = [];
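Review bot: Sanitising `value` before it is used for matching changes what the search runs on, not only what is rendered: whatever `frappe.utils.xss_sanitise` strips or encodes (its behaviour is not visible in this hunk) now also disappears from `txt` and every search term derived from it, so a query such as `a < b` or one containing `&` may return different results than the literal text typed, and any later escaping of the same value at render time would double-encode it. Escaping belongs at the sink where the value is inserted into HTML; if the input must be sanitised here, keep the raw text for matching, e.g. `var raw = e.target.value; var value = frappe.utils.xss_sanitise(raw);` and pass `raw` to the search/matching functions, or at least add a comment such as `// search matches against the sanitised string, so characters removed by xss_sanitise are not searchable` so the behaviour change is intentional and documented. The debounced handler continues outside the hunk, so any other reader of `e.target.value` or of the DOM input there is not covered by this change and should be checked.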