diff --git a/spec/models/concerns/has_xss_sanitized_note_examples.rb b/spec/models/concerns/has_xss_sanitized_note_examples.rb
index a88a19bd9..051f01e8b 100644
--- a/spec/models/concerns/has_xss_sanitized_note_examples.rb
+++ b/spec/models/concerns/has_xss_sanitized_note_examples.rb
@@ -5,6 +5,11 @@ RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
     context 'with injected JS' do
       subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }
 
+      before do
+        # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
+        stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
+      end
+
       it 'strips out <script> tag with content' do
         expect(subject.note).to eq('test 123  <b>some text</b>')
       end
diff --git a/spec/models/ticket/article_spec.rb b/spec/models/ticket/article_spec.rb
index 18bff2c07..a1e8f3914 100644
--- a/spec/models/ticket/article_spec.rb
+++ b/spec/models/ticket/article_spec.rb
@@ -85,6 +85,11 @@ RSpec.describe Ticket::Article, type: :model do
     describe 'XSS protection:' do
       subject(:article) { create(:ticket_article, body: body, content_type: 'text/html') }
 
+      before do
+        # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
+        stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
+      end
+
       context 'when body contains only injected JS' do
         let(:body) { <<~RAW.chomp }
           <script type="text/javascript">alert("XSS!");</script> some other text
diff --git a/test/unit/html_sanitizer_test.rb b/test/unit/html_sanitizer_test.rb
index 8d6ff934b..1542cedbc 100644
--- a/test/unit/html_sanitizer_test.rb
+++ b/test/unit/html_sanitizer_test.rb
@@ -4,6 +4,11 @@ require 'test_helper'
 
 class HtmlSanitizerTest < ActiveSupport::TestCase
 
+  processing_timeout = HtmlSanitizer.const_get(:PROCESSING_TIMEOUT)
+
+  # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
+  HtmlSanitizer.const_set(:PROCESSING_TIMEOUT, nil)
+
   test 'xss' do
     assert_equal(HtmlSanitizer.strict('<b>123</b>'), '<b>123</b>')
     assert_equal(HtmlSanitizer.strict('<script><b>123</b></script>'), '')
@@ -153,4 +158,6 @@ test 123
 
     assert_equal(HtmlSanitizer.strict('<a href="mailto:testäöü@example.com" id="123">test</a>'), '<a href="mailto:test%C3%A4%C3%B6%C3%BC@example.com">test</a>')
   end
+
+  HtmlSanitizer.const_set(:PROCESSING_TIMEOUT, processing_timeout)
 end