diff --git a/packages/js/currency/src/test/index.ts b/packages/js/currency/src/test/index.ts
index 3f6ef2529de..f3bdf8c1b68 100644
--- a/packages/js/currency/src/test/index.ts
+++ b/packages/js/currency/src/test/index.ts
@@ -102,4 +102,20 @@ describe( 'currency.formatDecimalString', () => {
 		// @ts-expect-error formatAccount expects a number or string;
 		expect( currency.formatDecimalString( null ) ).toBe( '' );
 	} );
+
+	it( 'should strip tags in getPriceFormat', () => {
+		const currency = Currency();
+
+		expect(
+			currency.getPriceFormat( {
+				priceFormat: 'tagformat',
+			} )
+		).toBe( 'tagformat' );
+
+		expect(
+			currency.getPriceFormat( {
+				priceFormat: 'format',
+			} )
+		).toBe( 'format' );
+	} );
 } );
diff --git a/packages/js/currency/src/utils.tsx b/packages/js/currency/src/utils.tsx
index 2a8901991fa..b0807de6866 100644
--- a/packages/js/currency/src/utils.tsx
+++ b/packages/js/currency/src/utils.tsx
@@ -66,9 +66,17 @@ const CurrencyFactoryBase = function ( currencySetting?: CurrencyConfig ) {
 	let currency: Currency;
 
 	function stripTags( str: string ) {
-		const tmp = document.createElement( 'DIV' );
-		tmp.innerHTML = str;
-		return tmp.textContent || tmp.innerText || '';
+		// sanitize Polyfill - see https://github.com/WordPress/WordPress/blob/master/wp-includes/js/wp-sanitize.js
+		const strippedStr = str
+			.replace( /|$)/g, '' )
+			.replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/gi, '' )
+			.replace( /<\/?[a-z][\s\S]*?(>|$)/gi, '' );
+
+		if ( strippedStr !== str ) {
+			return stripTags( strippedStr );
+		}
+
+		return strippedStr;
 	}
 
 	/**
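Review bot: As rendered here, both inputs in the new 'should strip tags in getPriceFormat' case (`priceFormat: 'tagformat'` and `priceFormat: 'format'`) contain no markup, so the expectations pass without exercising stripTags at all; if the tag markup was lost when this page was rendered this is moot, but otherwise each input should carry the markup it claims to strip. A test that pins the sanitizer's fixed-point behaviour would also be worth adding, for example an input where removing one tag exposes another (nested `<` … `>` sequences), since that is the case the recursive implementation exists for. The describe block starts before this hunk.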
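Review bot: The first replace in the new stripTags, `.replace( /|$)/g, '' )`, is not a valid regular expression as shown (unbalanced `)`); the wp-sanitize.js implementation it cites strips HTML comments at that position with `/<!--[\s\S]*?(-->|$)/g`, so the pattern was most likely lost in rendering, but please confirm it is intact in the committed file. The rewrite also changes the contract: the old DOM path decoded entities (`&lt;`, `&nbsp;`) via textContent, while the regex path leaves them as literal text, which is safer if the result is later inserted as HTML but differs for price formats that rely on `&nbsp;` — worth a comment such as `// Strips tags, comments and script/style blocks to a fixed point; does not decode HTML entities.` Recursion depth is bounded by the input length (each pass removes at least one character), which is fine for a config string, though a loop with wp-sanitize's `if ( str.indexOf( '<' ) === -1 ) return str;` fast path would avoid both the stack growth and the no-op regex passes on the common tag-free input. CurrencyFactoryBase starts before this hunk.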