From 8c35a939cb5e9a715402dc0ad4d697c0efeba320 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Mon, 30 Mar 2026 12:47:25 +0000
Subject: [PATCH] fix(opening_invoice_creation_tool): sanitize summary content
 for dashboard (backport #53917) (#53924)

Co-authored-by: diptanilsaha <diptanil@frappe.io>
fix(opening_invoice_creation_tool): sanitize summary content for dashboard (#53917)
---
 .../opening_invoice_creation_tool.py                       | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py b/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py
index e1e70e0f6cb..3949e242567 100644
--- a/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py
+++ b/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py
@@ -5,7 +5,7 @@
 import frappe
 from frappe import _, scrub
 from frappe.model.document import Document
-from frappe.utils import flt, nowdate
+from frappe.utils import escape_html, flt, nowdate
 from frappe.utils.background_jobs import enqueue, is_job_enqueued
 
 from erpnext.accounts.doctype.accounting_dimension.accounting_dimension import (
@@ -86,6 +86,11 @@ class OpeningInvoiceCreationTool(Document):
 			)
 			prepare_invoice_summary(doctype, invoices)
 
+		invoices_summary_companies = list(invoices_summary.keys())
+
+		for company in invoices_summary_companies:
+			invoices_summary[escape_html(company)] = invoices_summary.pop(company)
+
 		return invoices_summary, max_count
 
 	def validate_company(self):