From f13022835afa6cfa84e5ba42745f0ac0ad42cc2a Mon Sep 17 00:00:00 2001
From: Afsal Syed
Date: Sat, 6 Dec 2025 21:41:33 +0530
Subject: [PATCH] fix: sanitize address display by stripping HTML tags using html2text
---
 erpnext/public/js/utils/party.js | 2 +-
 erpnext/public/js/utils/sales_common.js | 5 ++++-
 erpnext/selling/doctype/customer/customer.js | 2 +-
 erpnext/stock/doctype/delivery_trip/delivery_trip.js | 7 ++++++-
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/erpnext/public/js/utils/party.js b/erpnext/public/js/utils/party.js
index 958defa32c7..641ef342690 100644
--- a/erpnext/public/js/utils/party.js
+++ b/erpnext/public/js/utils/party.js
@@ -156,7 +156,7 @@ erpnext.utils.get_address_display = function (frm, address_field, display_field,
 args: { address_dict: frm.doc[address_field] },
 callback: function (r) {
 if (r.message) {
- frm.set_value(display_field, r.message);
+ frm.set_value(display_field, frappe.utils.html2text(r.message));
 }
 },
 });
diff --git a/erpnext/public/js/utils/sales_common.js b/erpnext/public/js/utils/sales_common.js
index 736a06c917f..829ce3dc8b4 100644
--- a/erpnext/public/js/utils/sales_common.js
+++ b/erpnext/public/js/utils/sales_common.js
@@ -410,7 +410,10 @@ erpnext.sales_common = {
 args: { address_dict: this.frm.doc.company_address },
 callback: function (r) {
 if (r.message) {
- me.frm.set_value("company_address_display", r.message);
+ me.frm.set_value(
+ "company_address_display",
+ frappe.utils.html2text(r.message)
+ );
 }
 },
 });
diff --git a/erpnext/selling/doctype/customer/customer.js b/erpnext/selling/doctype/customer/customer.js
index 42f12507c1c..5a5f5b27331 100644
--- a/erpnext/selling/doctype/customer/customer.js
+++ b/erpnext/selling/doctype/customer/customer.js
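Review bot: In party.js the tags are stripped only inside this browser callback, so the value the server call returns is unchanged and any path that does not go through the four patched callbacks (this one and those in sales_common.js, customer.js and delivery_trip.js) still receives the HTML form. Stripping tags is also not output encoding: if `display_field` is later rendered as HTML, the result of `html2text` must still be escaped there, because a converter that decodes entities (not visible in this patch) can hand back text that parses as markup again. Consider normalising the address once where it is produced, or at least routing the four call sites through one shared helper so they cannot drift apart. A comment next to the call would record the intent, for example `// plain text for display only; escape again wherever this value is rendered as HTML`. The enclosing function starts and ends outside the hunk.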
@@ -116,7 +116,7 @@ frappe.ui.form.on("Customer", {
 address_dict: frm.doc.customer_primary_address,
 },
 callback: function (r) {
- frm.set_value("primary_address", r.message);
+ frm.set_value("primary_address", frappe.utils.html2text(r.message));
 },
 });
 }
diff --git a/erpnext/stock/doctype/delivery_trip/delivery_trip.js b/erpnext/stock/doctype/delivery_trip/delivery_trip.js
index 855bccdded5..692b468e6ae 100755
--- a/erpnext/stock/doctype/delivery_trip/delivery_trip.js
+++ b/erpnext/stock/doctype/delivery_trip/delivery_trip.js
@@ -208,7 +208,12 @@ frappe.ui.form.on("Delivery Stop", {
 args: { address_dict: row.address },
 callback: function (r) {
 if (r.message) {
- frappe.model.set_value(cdt, cdn, "customer_address", r.message);
+ frappe.model.set_value(
+ cdt,
+ cdn,
+ "customer_address",
+ frappe.utils.html2text(r.message)
+ );
 }
 },
 });
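Review bot: In customer.js the callback passes `r.message` to `frappe.utils.html2text` without the `if (r.message)` guard that the other three patched callbacks keep, so an empty or missing response now reaches the converter instead of being written through unchanged. How `html2text` treats a non-string argument is not visible in this patch; if it coerces its input, `primary_address` could end up holding a literal such as "undefined" rather than being cleared. A guarded form keeps the previous behaviour for empty responses: `frm.set_value("primary_address", r.message ? frappe.utils.html2text(r.message) : r.message);`. The surrounding handler starts and ends outside the hunk.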