diff --git a/frappe/tests/test_document.py b/frappe/tests/test_document.py
index f1f3705470..27ffe39fca 100644
--- a/frappe/tests/test_document.py
+++ b/frappe/tests/test_document.py
@@ -262,6 +262,7 @@ class TestDocument(IntegrationTestCase):
 
 	def test_xss_filter(self):
 		d = self.test_insert()
+		subject = d.subject
 
 		# script
 		xss = '<script>alert("XSS")</script>'
@@ -271,7 +272,7 @@ class TestDocument(IntegrationTestCase):
 		d.reload()
 
 		self.assertTrue(xss not in d.subject)
-		self.assertTrue(escaped_xss in d.subject)
+		self.assertEqual(subject, d.subject)
 
 		# onload
 		xss = '<div onload="alert("XSS")">Test</div>'
diff --git a/frappe/tests/test_utils.py b/frappe/tests/test_utils.py
index a87b7a3793..cd074696e0 100644
--- a/frappe/tests/test_utils.py
+++ b/frappe/tests/test_utils.py
@@ -508,7 +508,7 @@ class TestHTMLUtils(IntegrationTestCase):
 		sample = """<h1>Hello</h1><p>Para</p><a href="http://test.com">text</a>"""
 		clean = clean_email_html(sample)
 		self.assertTrue("<h1>Hello</h1>" in clean)
-		self.assertTrue('<a href="http://test.com">text</a>' in clean)
+		self.assertTrue('<a href="http://test.com" rel="noopener noreferrer">text</a>' in clean)
 
 	def test_sanitize_html(self):
 		from frappe.utils.html_utils import sanitize_html