diff --git a/sourcefiles/modern/plugins/jquery/jquery-ui-1.12.1.js b/sourcefiles/modern/plugins/jquery/jquery-ui-1.12.1.js
index cf43cb6cb..bc6012e66 100644
--- a/sourcefiles/modern/plugins/jquery/jquery-ui-1.12.1.js
+++ b/sourcefiles/modern/plugins/jquery/jquery-ui-1.12.1.js
@@ -8847,7 +8847,12 @@ $.extend( Datepicker.prototype, {
 var altFormat, date, dateStr,
 altField = this._get( inst, "altField" );
 
- if ( altField ) { // update alternate field too
+ // Mitigation for potential XSS: only allow altField as a selector, not as HTML
+ if (
+ typeof altField === "string" &&
+ altField.length > 0 &&
+ altField.trim().charAt(0) !== "<"
+ ) { // update alternate field too
 altFormat = this._get( inst, "altFormat" ) || this._get( inst, "dateFormat" );
 date = this._getDate( inst );
 dateStr = this.formatDate( altFormat, date, this._getFormatConfig( inst ) );
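Review bot: The `altField.trim().charAt(0) !== "<"` guard in the new condition only closes the HTML-parsing path for jQuery 1.9 and later; jQuery 1.7/1.8, which jQuery UI 1.12.1 still supports, treat any string containing `<` as HTML, so a value such as `#alt<img src=x onerror=...>` passes this check and is still handed to `$( altField )` on the `.val()` line just past the end of the hunk. The same condition also rejects jQuery objects and DOM elements, which `$( altField )` previously accepted, so existing callers that pass an element instead of a selector silently stop getting their alternate field updated. Both problems go away if the lookup itself never parses HTML: keep the original `if ( altField ) {` guard and change the assignment line after the hunk to `$( document ).find( altField ).val( dateStr );`, since `.find()` only accepts selectors, elements and jQuery objects and throws on markup rather than creating nodes. If the first-character filter is kept instead, the comment should say which jQuery versions it is sufficient for, e.g. `// Only safe with jQuery >= 1.9: earlier versions parse HTML anywhere in the string`. The enclosing `_updateAlternate` function starts before this hunk and its closing lines, including the `.val()` call, are after it.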