diff --git a/superset/assets/src/visualizations/big_number.js b/superset/assets/src/visualizations/big_number.js
index a45c1aa262c66..54d87fafd097f 100644
--- a/superset/assets/src/visualizations/big_number.js
+++ b/superset/assets/src/visualizations/big_number.js
@@ -1,5 +1,6 @@
 import d3 from 'd3';
 import d3tip from 'd3-tip';
+import dompurify from 'dompurify';
 import { d3FormatPreset, d3TimeFormatPreset } from '../modules/utils';
 
 import './big_number.css';
@@ -153,7 +154,7 @@ function bigNumberVis(slice, payload) {
 
     const renderTooltip = (d) => {
       const date = formatDate(d[0]);
-      const value = f(d[1]);
+      const value = dompurify.sanitize(f(d[1]));
       return `
         <div>
           <span style="margin-right: 10px;">${date}: </span>
diff --git a/superset/assets/src/visualizations/nvd3_vis.js b/superset/assets/src/visualizations/nvd3_vis.js
index 4a3faba2407a2..6a115f0c6a352 100644
--- a/superset/assets/src/visualizations/nvd3_vis.js
+++ b/superset/assets/src/visualizations/nvd3_vis.js
@@ -7,6 +7,7 @@ import 'nvd3/build/nv.d3.min.css';
 import mathjs from 'mathjs';
 import moment from 'moment';
 import d3tip from 'd3-tip';
+import dompurify from 'dompurify';
 
 import { getColorFromScheme } from '../modules/colors';
 import AnnotationTypes, {
@@ -448,7 +449,7 @@ export default function nvd3Vis(slice, payload) {
                     `style="border: 2px solid ${series.highlight ? 'black' : 'transparent'}; background-color: ${series.color};"` +
                   '></div>' +
                 '</td>' +
-                `<td>${series.key}</td>` +
+                `<td>${dompurify.sanitize(series.key)}</td>` +
                 `<td>${yAxisFormatter(series.value)}</td>` +
               '</tr>'
             );
diff --git a/superset/assets/src/visualizations/table.js b/superset/assets/src/visualizations/table.js
index c340f6919a1a0..6b8deec2d86ed 100644
--- a/superset/assets/src/visualizations/table.js
+++ b/superset/assets/src/visualizations/table.js
@@ -1,6 +1,7 @@
 import d3 from 'd3';
 import dt from 'datatables.net-bs';
 import 'datatables.net-bs/css/dataTables.bootstrap.css';
+import dompurify from 'dompurify';
 
 import { fixDataTableBodyHeight, d3TimeFormatPreset } from '../modules/utils';
 import './table.css';
@@ -87,7 +88,7 @@ function tableVis(slice, payload) {
         html = tsFormatter(val);
       }
       if (typeof (val) === 'string') {
-        html = `<span class="like-pre">${val}</span>`;
+        html = `<span class="like-pre">${dompurify.sanitize(val)}</span>`;
       }
       if (isMetric) {
         html = slice.d3format(c, val);