From fa6ec99c895fff265b16ca447680a0ae81daca15 Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Mon, 18 Mar 2024 21:17:09 +0530
Subject: [PATCH] fix: escape text types before setting disp area (#25520)

---
 frappe/public/js/frappe/form/controls/base_input.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/frappe/public/js/frappe/form/controls/base_input.js b/frappe/public/js/frappe/form/controls/base_input.js
index 044d587c71..22958701be 100644
--- a/frappe/public/js/frappe/form/controls/base_input.js
+++ b/frappe/public/js/frappe/form/controls/base_input.js
@@ -146,11 +146,12 @@ frappe.ui.form.ControlInput = class ControlInput extends frappe.ui.form.Control
 		} else {
 			value = this.value || value;
 		}
-		if (this.df.fieldtype === "Data") {
+		if (["Data", "Long Text", "Small Text", "Text", "Password"].includes(this.df.fieldtype)) {
 			value = frappe.utils.escape_html(value);
 		}
 		let doc = this.doc || (this.frm && this.frm.doc);
 		let display_value = frappe.format(value, this.df, { no_icon: true, inline: true }, doc);
+		// This is used to display formatted output AND showing values in read only fields
 		this.disp_area && $(this.disp_area).html(display_value);
 	}
 	set_label(label) {