diff --git a/app/Http/Requests/Request.php b/app/Http/Requests/Request.php
index 62cd0624a9fb..fe7d6c99df7d 100644
--- a/app/Http/Requests/Request.php
+++ b/app/Http/Requests/Request.php
@@ -198,6 +198,18 @@ class Request extends FormRequest
             }
         }
 
+        if(isset($input['public_notes']))
+            $input['public_notes'] = str_replace("</","<-", $input['public_notes']);
+
+        if(isset($input['footer'])) 
+            $input['footer'] = str_replace("</", "<-", $input['footer']);
+        
+        if(isset($input['terms'])) 
+            $input['terms'] = str_replace("</", "<-", $input['terms']);
+        
+        if(isset($input['private_notes'])) 
+            $input['private_notes'] = str_replace("</", "<-", $input['private_notes']);
+        
         return $input;
     }
 
diff --git a/app/Http/Requests/Vendor/StoreVendorRequest.php b/app/Http/Requests/Vendor/StoreVendorRequest.php
index 37dff5e35d24..74ccfe8292d5 100644
--- a/app/Http/Requests/Vendor/StoreVendorRequest.php
+++ b/app/Http/Requests/Vendor/StoreVendorRequest.php
@@ -89,6 +89,10 @@ class StoreVendorRequest extends Request
             $input['currency_id'] = $user->company()->settings->currency_id;
         }
 
+        if (isset($input['name'])) {
+            $input['name'] = strip_tags($input['name']);
+        }
+
         $input = $this->decodePrimaryKeys($input);
 
         $this->replace($input);
diff --git a/app/Http/Requests/Vendor/UpdateVendorRequest.php b/app/Http/Requests/Vendor/UpdateVendorRequest.php
index 2f49179f7ba6..bc7ec08f3ca5 100644
--- a/app/Http/Requests/Vendor/UpdateVendorRequest.php
+++ b/app/Http/Requests/Vendor/UpdateVendorRequest.php
@@ -92,8 +92,8 @@ class UpdateVendorRequest extends Request
     {
         $input = $this->all();
 
-        if (array_key_exists('assigned_user_id', $input) && is_string($input['assigned_user_id'])) {
-            $input['assigned_user_id'] = $this->decodePrimaryKey($input['assigned_user_id']);
+        if (isset($input['name'])) {
+            $input['name'] = strip_tags($input['name']);
         }
 
         if (array_key_exists('country_id', $input) && is_null($input['country_id'])) {
diff --git a/app/Utils/Traits/CleanLineItems.php b/app/Utils/Traits/CleanLineItems.php
index 2a734b106c90..bf144823864b 100644
--- a/app/Utils/Traits/CleanLineItems.php
+++ b/app/Utils/Traits/CleanLineItems.php
@@ -74,6 +74,12 @@ trait CleanLineItems
 
             }
 
+            if(isset($item['notes']))
+                $item['notes'] = str_replace("</", "<-", $item['notes']);
+
+            if(isset($item['product_key'])) 
+                $item['product_key'] = str_replace("</", "<-", $item['product_key']);
+
         }
 
         if (array_key_exists('id', $item) || array_key_exists('_id', $item)) {
diff --git a/resources/views/portal/ninja2020/components/html-viewer.blade.php b/resources/views/portal/ninja2020/components/html-viewer.blade.php
index b91043c27c92..18b2ea93cdeb 100644
--- a/resources/views/portal/ninja2020/components/html-viewer.blade.php
+++ b/resources/views/portal/ninja2020/components/html-viewer.blade.php
@@ -77,7 +77,7 @@ span {
                     <td>
                         <div class="product-information">
                             <div class="item-details">
-                                 
+
                                 <p class="overflow-ellipsis overflow-hidden px-1 mb-2">{!! $product['notes'] !!}</p>
                                 <p class="mt-2">
                                     @if($show_quantity)
@@ -170,7 +170,7 @@ span {
         </button>
         
         <div id="notes" class="py-10 border-b-2 border-fuschia-600"  x-show="show_notes">     
-            {!! html_entity_decode($entity->public_notes) !!}
+            {!! html_entity_decode(e($entity->public_notes)) !!}
         </div>
 
     </div>