diff --git a/apps/client/src/services/attribute_autocomplete.ts b/apps/client/src/services/attribute_autocomplete.ts
index a39f6b5cfe..37fad01b51 100644
--- a/apps/client/src/services/attribute_autocomplete.ts
+++ b/apps/client/src/services/attribute_autocomplete.ts
@@ -302,6 +302,9 @@ function initLabelValueAutocomplete({ $el, open, nameCallback, onValueChange }:
         isSelecting = false;
 
         setTimeout(() => {
+            // Preserve the legacy contract: several consumers still commit the
+            // selected value from their existing Enter key handlers instead of
+            // listening to the autocomplete selection event directly.
             inputEl.dispatchEvent(new KeyboardEvent("keydown", {
                 key: "Enter",
                 code: "Enter",
diff --git a/apps/client/src/services/note_autocomplete.ts b/apps/client/src/services/note_autocomplete.ts
index 5f25bd99c8..e487b2226d 100644
--- a/apps/client/src/services/note_autocomplete.ts
+++ b/apps/client/src/services/note_autocomplete.ts
@@ -111,8 +111,20 @@ function escapeHtml(text: string): string {
         .replaceAll("'", "&#39;");
 }
 
+function sanitizeHighlightedHtml(text: string, { allowBreaks = false }: { allowBreaks?: boolean } = {}): string {
+    const sanitizedBreaks = allowBreaks
+        ? text.replace(/<br\b[^>]*\/?>/gi, "<br>")
+        : text.replace(/<br\b[^>]*\/?>/gi, "");
+
+    return sanitizedBreaks
+        .replace(/<b\b[^>]*>/gi, "<b>")
+        .replace(/<\/b\s*>/gi, "</b>")
+        .replace(/<\/?[^>]+>/g, "");
+}
+
 function normalizeAttributeSnippet(snippet: string): string {
-    return snippet.replace(/<br\s*\/?>/gi, " <span class=\"aa-core-separator\">&middot;</span> ");
+    return sanitizeHighlightedHtml(snippet, { allowBreaks: true })
+        .replace(/<br\s*\/?>/gi, " <span class=\"aa-core-separator\">&middot;</span> ");
 }
 
 function getSuggestionIconClass(item: Suggestion): string {
@@ -135,7 +147,9 @@ function getSuggestionInputValue(item: Suggestion): string {
 
 function renderCommandSuggestion(item: Suggestion): string {
     const iconClass = escapeHtml(item.icon || "bx bx-terminal");
-    const titleHtml = item.highlightedNotePathTitle || escapeHtml(item.noteTitle || "");
+    const titleHtml = item.highlightedNotePathTitle
+        ? sanitizeHighlightedHtml(item.highlightedNotePathTitle)
+        : escapeHtml(item.noteTitle || "");
     const descriptionHtml = item.commandDescription ? `<div class="command-description">${escapeHtml(item.commandDescription)}</div>` : "";
     const shortcutHtml = item.commandShortcut ? `<kbd class="command-shortcut">${escapeHtml(item.commandShortcut)}</kbd>` : "";
 
@@ -153,7 +167,9 @@ function renderCommandSuggestion(item: Suggestion): string {
 
 function renderNoteSuggestion(item: Suggestion): string {
     const iconClass = escapeHtml(getSuggestionIconClass(item));
-    const titleHtml = item.highlightedNotePathTitle || escapeHtml(item.noteTitle || item.notePathTitle || item.externalLink || "");
+    const titleHtml = item.highlightedNotePathTitle
+        ? sanitizeHighlightedHtml(item.highlightedNotePathTitle)
+        : escapeHtml(item.noteTitle || item.notePathTitle || item.externalLink || "");
     const shortcutHtml = item.action === "search-notes"
         ? `<kbd class="aa-core-shortcut">Ctrl+Enter</kbd>`
         : "";
