diff --git a/app/helpers/input_sanitize_helper.rb b/app/helpers/input_sanitize_helper.rb
index 5a96b7171..afb46a69d 100644
--- a/app/helpers/input_sanitize_helper.rb
+++ b/app/helpers/input_sanitize_helper.rb
@@ -1,7 +1,10 @@
 module InputSanitizeHelper
   def sanitize_input(text)
-    ActionController::Base.helpers.sanitize(text,
-                                            tags: Constants::WHITELISTED_TAGS)
+    ActionController::Base.helpers.sanitize(
+      text,
+      tags: Constants::WHITELISTED_TAGS,
+      attributes: Constants::WHITELISTED_ATTRIBUTES
+    )
   end
 
   def escape_input(text)
diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb
index b0fa8c9a2..a3524fea3 100644
--- a/config/initializers/constants.rb
+++ b/config/initializers/constants.rb
@@ -213,6 +213,10 @@ class Constants
     'div', 'span', 'u', 's', 'blockquote', 'pre'
   ].freeze
 
+  WHITELISTED_ATTRIBUTES = [
+    'href', 'src', 'width', 'height', 'alt', 'cite', 'datetime', 'title',
+    'class', 'name', 'xml:lang', 'abbr', 'style'
+  ]
 
   # Very basic regex to check for validity of emails
   BASIC_EMAIL_REGEX = URI::MailTo::EMAIL_REGEXP
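Review bot: The `attributes:` list passed to `sanitize` in `sanitize_input` is global, not per tag, so every entry in `Constants::WHITELISTED_ATTRIBUTES` becomes permitted on every tag in `Constants::WHITELISTED_TAGS` (`href`, `src` and `style` on `div`, `span`, `pre`, and so on). In rails-html-sanitizer the `PermitScrubber` that this call builds still drops `href`/`src` values whose scheme is not in Loofah's allowed-protocol list and runs `style` through the CSS scrubber, but that is a property of the installed gem version rather than of this list, and it is worth confirming since the output is presumably rendered unescaped. If per-tag control is wanted, `sanitize` also accepts `scrubber:` with a `Rails::Html::PermitScrubber` subclass overriding `scrub_attribute?`. A short comment above the call would stop the list being read as the whole defence: `# Attribute whitelist applies to all whitelisted tags; URL schemes and CSS are filtered by PermitScrubber, not by this list.`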
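Review bot: `WHITELISTED_ATTRIBUTES` is not frozen while the neighbouring `WHITELISTED_TAGS` ends in `].freeze`, so this security-relevant list is mutable at runtime; close the literal with `].freeze`. The `name` entry is also worth a second look: if `a`, `img` or `form` are among the whitelisted tags (only the tail of that list is visible here), `name` lets user content define `window`/`document` properties (DOM clobbering), so it should be dropped unless a feature depends on it. `style` and `class` are accepted too, which allows user content to restyle or overlay the host page even after CSS scrubbing; a one-line comment per non-obvious entry stating why it is needed would help the next reviewer, e.g. `# 'style' needed for editor inline formatting; 'class' for ...`.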