From fbdd9e248438231faa0672ff5af17ba64387fbab Mon Sep 17 00:00:00 2001
From: Akhil Narang <me@akhilnarang.dev>
Date: Mon, 26 Aug 2024 16:21:57 +0530
Subject: [PATCH] fix(search_utils): escape HTML before displaying in
 awesomebar

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---
 frappe/public/js/frappe/ui/toolbar/search_utils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/public/js/frappe/ui/toolbar/search_utils.js b/frappe/public/js/frappe/ui/toolbar/search_utils.js
index bcb9349e65..4d9a4fa9be 100644
--- a/frappe/public/js/frappe/ui/toolbar/search_utils.js
+++ b/frappe/public/js/frappe/ui/toolbar/search_utils.js
@@ -97,7 +97,7 @@ frappe.search.utils = {
 						break;
 				}
 			} else if (match[0]) {
-				out.label = match[0].bold();
+				out.label = frappe.utils.escape_html(match[0]).bold();
 				out.value = match[0];
 			} else {
 				console.log("Illegal match", match);