diff --git a/web/src/pages/dataflow-result/components/rerun-button/__tests__/index.test.tsx b/web/src/pages/dataflow-result/components/rerun-button/__tests__/index.test.tsx
new file mode 100644
index 0000000000..997923148c
--- /dev/null
+++ b/web/src/pages/dataflow-result/components/rerun-button/__tests__/index.test.tsx
@@ -0,0 +1,13 @@
+import DOMPurify from 'dompurify';
+
+describe('rerun modal content sanitization', () => {
+ it('strips unsafe html from interpolated pipeline step names', () => {
+ const step = '
';
+ const html = `You are about to rerun the process starting from the ${step} step.`;
+ const sanitized = DOMPurify.sanitize(html);
+
+ expect(sanitized).not.toMatch(/onerror/i);
+ expect(sanitized).not.toContain('