diff --git a/app/services/trix_scrubber.rb b/app/services/trix_scrubber.rb
new file mode 100644
index 0000000000..b8328ffc1c
--- /dev/null
+++ b/app/services/trix_scrubber.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class TrixScrubber < Rails::Html::PermitScrubber
+  ALLOWED_TAGS = ["p", "b", "strong", "em", "i", "a", "u", "br", "del", "h1", "blockquote", "pre",
+                  "ul", "ol", "li"].freeze
+  ALLOWED_ATTRIBUTES = ["href", "target", "src", "alt"].freeze
+
+  def initialize
+    super
+    self.tags = ALLOWED_TAGS
+    self.attributes = ALLOWED_ATTRIBUTES
+  end
+end
diff --git a/app/views/shopping_shared/tabs/_custom.html.haml b/app/views/shopping_shared/tabs/_custom.html.haml
index 68b2fec9ba..45aa3ccc3d 100644
--- a/app/views/shopping_shared/tabs/_custom.html.haml
+++ b/app/views/shopping_shared/tabs/_custom.html.haml
@@ -1,3 +1,3 @@
 .content
   .row
-    = @distributor.custom_tab.content.html_safe if @distributor.custom_tab&.content.present?
+    = sanitize(@distributor.custom_tab&.content, scrubber: TrixScrubber.new)
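Review bot: `ALLOWED_ATTRIBUTES` permits `src` and `alt`, but no tag in `ALLOWED_TAGS` carries them (`img` and `figure` are absent), so either those two entries are dead weight or images were meant to survive and will be stripped on render; tighten the allowlist to what the tag list actually renders, `ALLOWED_ATTRIBUTES = %w[href target].freeze`, or add the image tag deliberately so the allowlist documents intent. `target` is kept on links, so decide whether `_blank` links should also carry `rel="noopener"`; the scrubber only removes attributes and will not add one. The tag list reads as arbitrary without context, so a one-line comment above it would help the next reader, e.g. `# Tags Trix's default toolbar can emit; anything else in stored content is stripped at render time.`. Style: the string arrays read more easily as `%w[p b strong em i a u br del h1 blockquote pre ul ol li].freeze`.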
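Review bot: The output of `sanitize` is emitted as safe HTML, so `TrixScrubber`'s allowlist is now the only barrier between stored `custom_tab.content` and the page, yet the commit adds no spec pinning that a `<script>` tag or an inline event-handler attribute in that content is stripped; a short `TrixScrubber` spec with one such input would keep the allowlist from loosening silently. Dropping the old `present?` guard looks fine if `sanitize` tolerates a nil argument, which I believe it does, but that reliance deserves a note in the view: `-# sanitize tolerates a nil custom_tab/content; the allowlist lives in TrixScrubber`.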