diff --git a/package.json b/package.json
index cb6ed309f..de98824dc 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,8 @@
 {
 "devDependencies": {
 "eslint": "^9.10.0"
+ },
+ "dependencies": {
+ "dompurify": "^3.1.6"
 }
 }
diff --git a/server-data/resources/[esx_addons]/esx_garage/nui/js/app.js b/server-data/resources/[esx_addons]/esx_garage/nui/js/app.js
index e08b3348f..ac4731a36 100644
--- a/server-data/resources/[esx_addons]/esx_garage/nui/js/app.js
+++ b/server-data/resources/[esx_addons]/esx_garage/nui/js/app.js
@@ -1,3 +1,5 @@
+import DOMPurify from 'dompurify';
+
 $(window).ready(function() {
 window.addEventListener('message', function(event) {
 const data = event.data;
@@ -19,12 +21,12 @@ $(window).ready(function() {
 if (data.poundCost != undefined) {
 $('.content .vehicle-list').html(
- getVehicles(data.locales, data.vehiclesList, data.poundCost),
+ DOMPurify.sanitize(getVehicles(data.locales, data.vehiclesList, data.poundCost)),
 );
 } else {
 $('.content .vehicle-list').html(
- getVehicles(data.locales, data.vehiclesList),
+ DOMPurify.sanitize(getVehicles(data.locales, data.vehiclesList)),
 );
 }
@@ -42,7 +44,7 @@ $(window).ready(function() {
 if (data.poundCost) $('#container').data('poundcost', data.poundCost);
 $('.impounded_content .vehicle-list').html(
- getImpoundedVehicles(data.locales, data.vehiclesImpoundedList),
+ DOMPurify.sanitize(getImpoundedVehicles(data.locales, data.vehiclesImpoundedList)),
 );
 $('.impounded_content h2').hide();
 }
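Review bot: `import DOMPurify from 'dompurify';` at the top of app.js only resolves if this file goes through a bundler or is loaded as an ES module with the package reachable from the NUI page; the surrounding code relies on a global `$` and `$(window).ready(...)`, which suggests a classic `<script>` tag, where a bare `import` is a SyntaxError and the whole message handler never registers, so the lists would render nothing rather than render unsanitized. The package.json hunk adds `dompurify` only at the repository root, and nothing in this diff copies it into the resource's `nui` directory, so it is worth confirming there is a build step. If there is none, the safer form is to ship DOMPurify's standalone build next to app.js, load it with its own `<script>` before app.js, and reference the global, e.g. `const sanitize = (html) => window.DOMPurify.sanitize(html);`. The `$(window).ready` callback continues past the hunk.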
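Review bot: Sanitizing the fully rendered markup with a default-config `DOMPurify.sanitize(...)` is a reasonable output-encoding backstop, but it also strips inline event-handler attributes and script URLs, so if `getVehicles` (defined outside this hunk) emits `onclick="..."` buttons the list will render with handlers silently removed; the same applies to `getImpoundedVehicles` in the hunk at `@@ -42,7 +44,7 @@`. Worth confirming against the template, and if it does use inline handlers, binding them with delegation, e.g. `$('.content .vehicle-list').on('click', '<button-selector>', handler)`, rather than relaxing the sanitizer configuration. The three identical `.html(DOMPurify.sanitize(...))` call sites would also read better behind one helper, e.g. `const renderList = (selector, html) => $(selector).html(DOMPurify.sanitize(html));`. Note that sanitizing at render time does not escape the vehicle names and locale strings where they are interpolated; escaping them inside `getVehicles` and `getImpoundedVehicles` would address the root cause and leave the sanitizer as defense in depth.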