diff --git a/js/Common.js b/js/Common.js index 47c6e48b18e0..05b037d7c8ae 100644 --- a/js/Common.js +++ b/js/Common.js @@ -1624,4 +1624,9 @@ if (!CRM.vars) CRM.vars = {}; } }); + // CVE-2020-11022 and CVE-2020-11023 Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. + $.htmlPrefilter = function(html) { + return html; + }; + })(jQuery, _);
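Review bot: The new comment names CVE-2020-11022 and CVE-2020-11023 but does not say what the override changes, so a reader cannot tell whether `return html;` is the mitigation or a no-op; I would replace it with `// Identity prefilter: jQuery < 3.5 rewrote self-closing tags (e.g. <div/> -> <div></div>) in htmlPrefilter, the vector behind CVE-2020-11022/11023; jQuery 3.5+ ships this identity behavior, so drop this once jQuery is upgraded.` (and "i.e." in the current text should be "e.g.", since those methods are examples). The override is a stopgap rather than a fix: it only removes the tag-expansion step, so any caller that still passes untrusted markup to `.html()`/`.append()` remains an XSS risk and should be reviewed separately, and the stated upgrade condition makes it clear when this block can be removed. Markup that relied on the old expansion of self-closing tags will now be inserted unchanged, which can change rendering of existing templates; this presumably matches the jQuery 3.5 upgrade guide's recommendation to write explicit closing tags. Any script loaded later that reassigns `$.htmlPrefilter` (for example a jQuery Migrate build that restores the pre-3.5 filter) would silently undo this, so a comment noting that nothing downstream may overwrite it is worth adding. The enclosing IIFE that receives `jQuery` as `$` begins outside the hunk.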