diff --git a/package.json b/package.json
index 31a55218a0..43d3b4f1a7 100755
--- a/package.json
+++ b/package.json
@@ -49,7 +49,8 @@
 "caniuse-lite": "~1.0.30001335",
 "path-to-regexp": "^8.2.0",
 "qs": "^6.13.0",
- "setimmediate": "^1.0.5"
+ "setimmediate": "^1.0.5",
+ "dompurify": "^2.3.8"
 },
 "devDependencies": {
 "@babel/plugin-transform-runtime": "~7.4.4",
diff --git a/venia-integration-tests/src/fixtures/googleMapApi/index.js b/venia-integration-tests/src/fixtures/googleMapApi/index.js
index b633c5f97b..203b1c4df0 100644
--- a/venia-integration-tests/src/fixtures/googleMapApi/index.js
+++ b/venia-integration-tests/src/fixtures/googleMapApi/index.js
@@ -1,3 +1,4 @@
+import DOMPurify from 'dompurify';
 export const createGoogleMapApi = currentMapApi => {
 return {
 maps: {
@@ -85,7 +86,9 @@ export const createGoogleMapApi = currentMapApi => {
 open(map) {
 map.infoWindowContainer.style.maxWidth = this.maxWidth;
- map.infoWindowContainer.innerHTML = this.content;
+ map.infoWindowContainer.innerHTML = DOMPurify.sanitize(
+ this.content
+ );
 }
 close() {
diff --git a/yarn.lock b/yarn.lock
index 1c9743f74c..82ad11d9a4 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8935,6 +8935,11 @@ domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.3.1: dependencies: domelementtype "^2.2.0" +dompurify@^2.3.8: + version "2.5.8" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.5.8.tgz#2809d89d7e528dc7a071dea440d7376df676f824" + integrity sha512-o1vSNgrmYMQObbSSvF/1brBYEQPHhV1+gsmrusO7/GXtp1T9rCS8cXFqVxK/9crT1jA6Ccv+5MTSjBNqr7Sovw== + domutils@^2.5.2, domutils@^2.8.0: version "2.8.0" resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.8.0.tgz#4437def5db6e2d1f5d6ee859bd95ca7d02048135"
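Review bot: In the `package.json` hunk, `dompurify` is added to the root `dependencies`, yet the only consumer visible in this commit is the test fixture under `venia-integration-tests/`. If no shipped code imports it, declaring it where the fixture lives (or under `devDependencies`) keeps the production dependency set smaller; whether that package has its own manifest is not visible here. The declared range `^2.3.8` also still admits 2.3.8 through 2.5.7 while `yarn.lock` resolves 2.5.8, so for a sanitizer it is worth aligning the floor with the version actually tested, `"dompurify": "^2.5.8"`.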
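Review bot: The `DOMPurify.sanitize(this.content)` call in `open(map)` of `venia-integration-tests/src/fixtures/googleMapApi/index.js` sits in a test double, so it makes the `innerHTML` sink in the fixture inert but does not cover how the storefront builds the real InfoWindow content. It also makes the mock stricter than the API it presumably stands in for, so an integration test can pass while markup that the sanitizer strips would still reach the real map widget. I would record that intent on the line, for example `// Test double only: sanitized so fixture HTML cannot run in the test runner; production InfoWindow content is not covered by this.` The enclosing class and `createGoogleMapApi` start and end outside the hunk, so the type of `this.content` (string or node) cannot be confirmed from here.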