diff --git a/app/assets/javascripts/gl_field_error.js b/app/assets/javascripts/gl_field_error.js
index 09ee7de3b6eee7c207c15ad7f5daef1fcd7d952e..08361b9ffaceef2fb00408c6d5b00c732c643735 100644
--- a/app/assets/javascripts/gl_field_error.js
+++ b/app/assets/javascripts/gl_field_error.js
@@ -1,4 +1,5 @@
 import $ from 'jquery';
+import { sanitize } from '~/lib/dompurify';
 import { __ } from '~/locale';
 
 /**
@@ -64,7 +65,9 @@ export default class GlFieldError {
     this.inputDomElement = this.inputElement.get(0);
     this.form = formErrors;
     this.errorMessage = this.inputElement.attr('title') || __('This field is required.');
-    this.fieldErrorElement = $(`<p class='${errorMessageClass} hidden'>${this.errorMessage}</p>`);
+    this.fieldErrorElement = $(
+      `<p class='${errorMessageClass} hidden'>${sanitize(this.errorMessage)}</p>`,
+    );
 
     this.state = {
       valid: false,