From c41730dfee7bf8ddceb7e81f629bf15415a52ba6 Mon Sep 17 00:00:00 2001
From: diptanilsaha <diptanil@frappe.io>
Date: Mon, 30 Mar 2026 17:52:27 +0530
Subject: [PATCH] fix(opening_invoice_creation_tool): sanitize summary content
 for dashboard (#53917)

---
 .../opening_invoice_creation_tool.py                       | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py b/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py
index 1744e9928f9..f28c4738c58 100644
--- a/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py
+++ b/erpnext/accounts/doctype/opening_invoice_creation_tool/opening_invoice_creation_tool.py
@@ -5,7 +5,7 @@
 import frappe
 from frappe import _, scrub
 from frappe.model.document import Document
-from frappe.utils import flt, nowdate
+from frappe.utils import escape_html, flt, nowdate
 from frappe.utils.background_jobs import enqueue, is_job_enqueued
 
 from erpnext.accounts.doctype.accounting_dimension.accounting_dimension import (
@@ -86,6 +86,11 @@ class OpeningInvoiceCreationTool(Document):
 			)
 			prepare_invoice_summary(doctype, invoices)
 
+		invoices_summary_companies = list(invoices_summary.keys())
+
+		for company in invoices_summary_companies:
+			invoices_summary[escape_html(company)] = invoices_summary.pop(company)
+
 		return invoices_summary, max_count
 
 	def validate_company(self):