From d20e0d8a27a5828947077214e1872c5497cb739b Mon Sep 17 00:00:00 2001
From: Akhil Narang <me@akhilnarang.dev>
Date: Wed, 25 Jun 2025 11:56:27 +0530
Subject: [PATCH] fix(router): sanitize private workspace route in msgprint

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---
 frappe/public/js/frappe/router.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/frappe/public/js/frappe/router.js b/frappe/public/js/frappe/router.js
index 2654f540d7..8c6effa2fc 100644
--- a/frappe/public/js/frappe/router.js
+++ b/frappe/public/js/frappe/router.js
@@ -170,7 +170,11 @@ frappe.router = {
 			// private workspace
 			let private_workspace = route[1] && `${route[1]}-${frappe.user.name.toLowerCase()}`;
 			if (!frappe.workspaces[private_workspace]) {
-				frappe.msgprint(__("Workspace <b>{0}</b> does not exist", [route[1]]));
+				frappe.msgprint(
+					__("Workspace <b>{0}</b> does not exist", [
+						frappe.utils.xss_sanitise(route[1]),
+					])
+				);
 				return ["Workspaces"];
 			}
 			route = ["Workspaces", "private", frappe.workspaces[private_workspace].name];