diff --git a/src/lib/markdown.ts b/src/lib/markdown.ts
index 66bcd643d320..0009780021d5 100644
--- a/src/lib/markdown.ts
+++ b/src/lib/markdown.ts
@@ -1,6 +1,7 @@
 // @ts-ignore
 import MarkdownIt from 'markdown-it';
 import MarkdownItAsync from 'markdown-it-async';
+import sanitizeHtml from 'sanitize-html';
 
 // replaces @variableName@ with the value of the variable
 export function replaceVariables(
@@ -87,7 +88,15 @@ export async function markdownToHtmlWithHighlighting(markdown: string) {
       return defaultRender(tokens, idx, options, env, self);
     };
 
-    return markdownItAsync.renderAsync(replaceVariables(markdown));
+    const rawHtml = await markdownItAsync.renderAsync(replaceVariables(markdown));
+    return sanitizeHtml(rawHtml, {
+      allowedTags: sanitizeHtml.defaults.allowedTags.concat(['span', 'img']),
+      allowedAttributes: {
+        ...sanitizeHtml.defaults.allowedAttributes,
+        '*': ['class', 'style'],
+        a: ['href', 'name', 'target', 'rel'],
+      },
+    });
   } catch (e) {
     return markdown;
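Review bot: The added `import sanitizeHtml from 'sanitize-html';` is a default import of a package that, as far as I know, ships no type declarations of its own, so unless `@types/sanitize-html` is added in this same commit it will either fail under `strict` or land as an implicit `any` behind another `// @ts-ignore` like the one already sitting above the `markdown-it` import, and `sanitizeHtml.defaults` in the second hunk would be untyped; please confirm the types package is part of the change. Two points in the second hunk, whose closing lines fall outside this view, also deserve a look. `'*': ['class', 'style']` admits an inline `style` attribute on every element, and sanitize-html does not restrict its contents unless `allowedStyles` is configured, so an explicit `allowedStyles` allow-list would be the safer default for rendered user content. The `catch (e)` branch still returns the unsanitized `markdown` string, so a renderer or sanitizer failure falls back to the one path that bypasses the new sanitization; returning `''` or rethrowing there keeps the sanitizer on every path.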