diff --git a/app/views/pages/custom_page.html.erb b/app/views/pages/custom_page.html.erb
index bdd85ab30..61e167549 100644
--- a/app/views/pages/custom_page.html.erb
+++ b/app/views/pages/custom_page.html.erb
@@ -8,7 +8,7 @@
<%= @custom_page.subtitle%>
<% end %>
- <%= text_with_links @custom_page.content %>
+ <%= safe_html_with_links AdminWYSIWYGSanitizer.new.sanitize(@custom_page.content) %>
<% if @custom_page.print_content_flag %>
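Review bot: The sanitized markup is handed to `safe_html_with_links`, which is not visible here; if that helper linkifies bare URLs by regex (as its `text_with_links` predecessor presumably did on plain text), it will now also match the URL inside the `src="https://…"` attribute that admins just gained and can corrupt the `<img>` tag or nest an anchor inside it. Worth confirming the helper only touches text nodes, or running the linkifier before sanitizing so the sanitizer has the last word. The Admin profile is applied purely on the basis of this being a custom page, so the trust assumption should be stated in the template: `<%# custom pages are admin-authored, so the Admin sanitizer (img/src/style) is used; do not reuse this line for user-submitted content %>`. Sanitizing on output rather than on save is a good defence-in-depth choice, and it is cheap enough here that re-running it per request is fine.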
diff --git a/lib/admin_wysiwyg_sanitizer.rb b/lib/admin_wysiwyg_sanitizer.rb
new file mode 100644
index 000000000..6e219f1e8
--- /dev/null
+++ b/lib/admin_wysiwyg_sanitizer.rb
@@ -0,0 +1,9 @@
+class AdminWYSIWYGSanitizer < WYSIWYGSanitizer
+ def allowed_tags
+ super + %w[img]
+ end
+
+ def allowed_attributes
+ super + %w[alt src style]
+ end
+end
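Review bot: Allowing `src` and `style` widens what admin content can do beyond XSS concerns: as far as I can tell rails-html-sanitizer's permit scrubber drops `javascript:`/unknown protocols in `src` and scrubs the `style` declarations, but an `<img src="https://third-party/…">` still leaks every reader's IP and referrer to that host and can trigger mixed-content blocking on HTTPS pages, and inline CSS allows overlays that reposition content. The class has no documentation of why it exists or who may author the content it is used on; I would add `# Sanitizer for content authored by admins only: extends the end-user allow-list with images and inline style. Never use for user-submitted HTML.` above the class. Consider whether `style` is actually needed by the editor, and if image hosting is local, whether `src` should be restricted to same-origin or relative URLs in a follow-up.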
diff --git a/lib/wysiwyg_sanitizer.rb b/lib/wysiwyg_sanitizer.rb
index 26792b21c..ee056383c 100644
--- a/lib/wysiwyg_sanitizer.rb
+++ b/lib/wysiwyg_sanitizer.rb
@@ -1,10 +1,14 @@
class WYSIWYGSanitizer
+ def allowed_tags
+ %w[p ul ol li strong em u s a h2 h3]
+ end
- ALLOWED_TAGS = %w(p ul ol li strong em u s img a h2 h3)
- ALLOWED_ATTRIBUTES = %w(href style src alt)
+ def allowed_attributes
+ %w[href]
+ end
def sanitize(html)
- ActionController::Base.helpers.sanitize(html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES)
+ ActionController::Base.helpers.sanitize(html, tags: allowed_tags, attributes: allowed_attributes)
end
end
\ No newline at end of file
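Review bot: Removing the public constants `WYSIWYGSanitizer::ALLOWED_TAGS` and `ALLOWED_ATTRIBUTES` is an API break for anything else in the app that read them (an editor config or a spec, for instance); this diff shows no other callers, so a grep is needed before merging, and if any exist the constants can be kept as frozen lists that the new methods return (`ALLOWED_TAGS = %w[p ul ol li strong em u s a h2 h3].freeze` with `def allowed_tags = ALLOWED_TAGS`), which also avoids allocating a fresh array on every `sanitize` call while still letting `AdminWYSIWYGSanitizer` do `super + %w[img]` safely since `+` returns a new array. Style-wise the new `allowed_tags`/`allowed_attributes` definitions run straight into each other and into `sanitize` with no blank line between methods, and the file still lacks a trailing newline. A one-line class comment would help too: `# Base allow-list sanitizer for end-user WYSIWYG input: links only, no images, no inline style; subclasses widen the lists for more trusted authors.`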
diff --git a/spec/lib/admin_wysiwyg_sanitizer_spec.rb b/spec/lib/admin_wysiwyg_sanitizer_spec.rb
new file mode 100644
index 000000000..4593b8699
--- /dev/null
+++ b/spec/lib/admin_wysiwyg_sanitizer_spec.rb
@@ -0,0 +1,12 @@
+require 'rails_helper'
+
+describe AdminWYSIWYGSanitizer do
+ let(:sanitizer) { AdminWYSIWYGSanitizer.new }
+
+ describe '#sanitize' do
+ it 'allows images' do
+ html = 'Dangerous
image'
+ expect(sanitizer.sanitize(html)).to eq(html)
+ end
+ end
+end
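Review bot: The only assertion here is the happy path, so nothing in this spec would catch a regression where the wider attribute list lets a scriptable attribute through on `<img>`; since this class is the one that newly permits `src`, it deserves a negative case showing that event handlers and script URLs on images are still stripped. The exact expected string depends on the scrubber's serialization, so it may need adjusting on first run. (The fixture strings in this hunk appear to have lost their markup in extraction, so I am reading the intent rather than the literal text.)
```ruby
it 'still strips scriptable attributes from images' do
  html = '<p><img src="javascript:alert(1)" onerror="alert(1)" alt="x"></p>'
  expect(sanitizer.sanitize(html)).to eq('<p><img alt="x"></p>')
end
```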
diff --git a/spec/lib/wysiwyg_sanitizer_spec.rb b/spec/lib/wysiwyg_sanitizer_spec.rb
index 17236aa03..e86c351ef 100644
--- a/spec/lib/wysiwyg_sanitizer_spec.rb
+++ b/spec/lib/wysiwyg_sanitizer_spec.rb
@@ -15,10 +15,25 @@ describe WYSIWYGSanitizer do
expect(subject.sanitize(html)).to eq(html)
end
+ it 'allows links' do
+ html = 'Home
'
+ expect(subject.sanitize(html)).to eq(html)
+ end
+
+ it 'allows headings' do
+ html = 'Objectives
Fix flaky specs
Explain why the test is flaky
'
+ expect(subject.sanitize(html)).to eq(html)
+ end
+
it 'filters out dangerous tags' do
html = 'This is
'
expect(subject.sanitize(html)).to eq('This is alert("dangerous");
')
end
+
+ it 'filters images' do
+ html = 'Dangerous
image'
+ expect(subject.sanitize(html)).to eq('Dangerous image')
+ end
end
end
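Review bot: With `href` now the sole allowed attribute for end-user content, the spec should pin down that a `javascript:` href is removed rather than relying on the underlying scrubber's defaults silently; one case such as `html = '<p><a href="javascript:alert(1)">x</a></p>'` with `expect(subject.sanitize(html)).to eq('<p><a>x</a></p>')` would do it, with the expected string adjusted to whatever the scrubber serializes. The new "filters images" example is good, but it only shows the tag is dropped; it does not show that `style` on a surviving tag like `<p style="…">` is also dropped for end users, which is the other thing this change removes from the base list. (The fixture strings in this hunk appear to have lost their markup in extraction, so I am reading the intent rather than the literal text.)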