diff --git a/frappe/__init__.py b/frappe/__init__.py
index 7ea7e8d175..29dc8886f0 100644
--- a/frappe/__init__.py
+++ b/frappe/__init__.py
@@ -14,7 +14,7 @@ import os, sys, importlib, inspect, json
 from .exceptions import *
 from .utils.jinja import get_jenv, get_template, render_template, get_email_from_template
 
-__version__ = '9.2.20'
+__version__ = '9.2.21'
 __title__ = "Frappe Framework"
 
 local = Local()
diff --git a/frappe/public/js/frappe/form/formatters.js b/frappe/public/js/frappe/form/formatters.js
index d04212049a..2295cafecc 100644
--- a/frappe/public/js/frappe/form/formatters.js
+++ b/frappe/public/js/frappe/form/formatters.js
@@ -50,23 +50,24 @@ frappe.form.formatters = {
 	Percent: function(value, docfield, options) {
 		return frappe.form.formatters._right(flt(value, 2) + "%", options)
 	},
-	Currency: function(value, docfield, options, doc) {
-		var currency = frappe.meta.get_field_currency(docfield, doc);
+	Currency: function (value, docfield, options, doc) {
+		var currency  = frappe.meta.get_field_currency(docfield, doc);
 		var precision = docfield.precision || cint(frappe.boot.sysdefaults.currency_precision) || 2;
+
+		// If you change anything below, it's going to hurt a company in UAE, a bit.
 		if (precision > 2) {
-			let parts = cstr(value).split('.');
-			let decimals = parts.length > 1 ? parts[1] : '';
-			if (decimals.length < 3) {
-				// min precision 2
-				precision = 2;
-			} else if (decimals.length < precision) {
-				// or min decimals
-				precision = decimals.length;
+			var parts	 = cstr(value).split("."); // should be minimum 2, comes from the DB
+			var decimals = parts.length > 1 ? parts[1] : ""; // parts.length == 2 ???
+			
+			if ( decimals.length < 3 || decimals.length < precision ) {
+				const fraction = frappe.model.get_value(":Currency", currency, "fraction_units") || 100; // if not set, minimum 2.
+				precision      = cstr(fraction).length - 1;
 			}
 		}
-		value = (value==null || value==="") ?
-			"" : format_currency(value, currency, precision);
-		if (options && options.only_value) {
+		
+		value = (value == null || value == "") ? "" : format_currency(value, currency, precision);
+		
+		if ( options && options.only_value ) {
 			return value;
 		} else {
 			return frappe.form.formatters._right(value, options);
diff --git a/frappe/www/search.py b/frappe/www/search.py
index d9027da77c..baf2be4e63 100644
--- a/frappe/www/search.py
+++ b/frappe/www/search.py
@@ -3,10 +3,12 @@ import frappe
 from frappe.utils.global_search import web_search
 from html2text import html2text
 from frappe import _
+from jinja2 import utils
 
 def get_context(context):
 	context.no_cache = 1
 	if frappe.form_dict.q:
+		frappe.form_dict.q = str(utils.escape(frappe.form_dict.q))
 		context.title = _('Search Results for "{0}"').format(frappe.form_dict.q)
 		context.update(get_search_results(frappe.form_dict.q))
 	else: