diff --git a/app/helpers/text_with_links_helper.rb b/app/helpers/text_with_links_helper.rb
index 32ada7c72..a1fa6d935 100644
--- a/app/helpers/text_with_links_helper.rb
+++ b/app/helpers/text_with_links_helper.rb
@@ -2,7 +2,7 @@ module TextWithLinksHelper
def text_with_links(text)
return unless text
- sanitized = sanitize text, tags: %w(a), attributes: %w(href)
+ sanitized = sanitize text
Rinku.auto_link(sanitized, :all, 'target="_blank" rel="nofollow"').html_safe
end
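Review bot: Dropping the explicit `tags:`/`attributes:` arguments on the `sanitize` call makes the allowed markup implicit: it now follows whatever safe list the application's sanitizer is configured with, and Rails' default safe list admits more elements and attributes than the removed `a`/`href` allowlist did, so the effective policy is no longer visible at this call site. The companion spec expects `click me` not to be rendered as a link, which suggests the intent is to strip all markup and let Rinku link bare URLs; if so, say so explicitly, e.g. `sanitized = strip_tags(text) # drop all markup; Rinku re-links bare URLs below` (after confirming `strip_tags` output is acceptable for Rinku), otherwise add a comment naming the configured allowlist this helper relies on. Separately, the unchanged `Rinku.auto_link` line emits `target="_blank"` with only `rel="nofollow"`; generated links should also carry `noopener` so the opened page cannot reach `window.opener`, i.e. `'target="_blank" rel="nofollow noopener"'`.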
diff --git a/spec/features/comments_spec.rb b/spec/features/comments_spec.rb
index 41c1a5f31..437286bf7 100644
--- a/spec/features/comments_spec.rb
+++ b/spec/features/comments_spec.rb
@@ -34,13 +34,14 @@ feature 'Comments' do
end
scenario 'Sanitizes comment body for security' do
- create :comment, commentable: debate, body: " http://madrid.es"
+ create :comment, commentable: debate, body: " click me http://madrid.es"
visit debate_path(debate)
within first('.comment') do
- expect(page).to have_content "alert('hola') http://madrid.es"
+ expect(page).to have_content "click me http://madrid.es"
expect(page).to have_link('http://madrid.es', href: 'http://madrid.es')
+ expect(page).not_to have_link('click me')
end
end
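Review bot: As shown in the hunk the new fixture body is plain text (`" click me http://madrid.es"`), so if that is really what the factory receives the scenario never feeds any markup through `text_with_links` and `not_to have_link('click me')` passes trivially; presumably the raw diff rendering stripped an anchor element around `click me`, which is worth confirming in the actual file. Either way, the scenario name promises sanitization for security while its assertions only check link presence and text, so consider one assertion on the rendered HTML that the injected element is gone, e.g. `expect(page.html).not_to include('<a href="javascript:')` with the attribute value matching the fixture you actually use (constructed example). The enclosing `feature 'Comments'` block starts before this hunk.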