diff --git a/api.planx.uk/modules/flows/findReplace/controller.ts b/api.planx.uk/modules/flows/findReplace/controller.ts
index ea0e1e3d44..73d7802a42 100644
--- a/api.planx.uk/modules/flows/findReplace/controller.ts
+++ b/api.planx.uk/modules/flows/findReplace/controller.ts
@@ -26,7 +26,9 @@ export const findAndReplaceSchema = z.object({
 replace: z
 .string()
 .optional()
- .transform((val) => val && DOMPurify.sanitize(val)),
+ .transform(
+ (val) => val && DOMPurify.sanitize(val, { ADD_ATTR: ["target"] }),
+ ),
 }),
 });
diff --git a/editor.planx.uk/src/ui/ReactMarkdownOrHtml.tsx b/editor.planx.uk/src/ui/ReactMarkdownOrHtml.tsx
index 42b6bf7b6b..6e047c360e 100644
--- a/editor.planx.uk/src/ui/ReactMarkdownOrHtml.tsx
+++ b/editor.planx.uk/src/ui/ReactMarkdownOrHtml.tsx
@@ -69,7 +69,7 @@ export default function ReactMarkdownOrHtml(props: {
diff --git a/sharedb.planx.uk/server.js b/sharedb.planx.uk/server.js
index 1a13948a02..b6a6411025 100644
--- a/sharedb.planx.uk/server.js
+++ b/sharedb.planx.uk/server.js
@@ -63,7 +63,7 @@ function sanitiseOperation(op) {
 */
 function sanitise(input) {
 if ((input && typeof input === "string") || input instanceof String) {
- return DOMPurify.sanitize(input);
+ return DOMPurify.sanitize(input, { ADD_ATTR: ["target"] });
 } else if ((input && typeof input === "object") || input instanceof Object) {
 return Object.entries(input).reduce((acc, [k, v]) => {
 v = sanitise(v);
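Review bot: The new `ADD_ATTR: ["target"]` option in the `.transform` of findAndReplaceSchema (and the same option in `sanitise` in sharedb.planx.uk/server.js) re-admits `<a target="_blank">` without any guarantee of `rel="noopener noreferrer"`, which is the reverse-tabnabbing and referrer-leakage exposure DOMPurify avoids by stripping `target` by default; the sanitized value is author-supplied rich text, so the opened page can reach `window.opener` on clients that do not default to noopener and receives the referrer either way. Rather than repeating the option at each call site, register one `afterSanitizeAttributes` hook next to the DOMPurify import that forces `rel` on any anchor carrying `target`, and share a single options object so the call sites cannot drift (the body of the ReactMarkdownOrHtml.tsx hunk is not visible here, so whether it receives the same option cannot be confirmed). A comment such as `// target is allowed for new-tab links; the hook below pins rel="noopener noreferrer"` at the options object would make the intent of the exception explicit.
```typescript
// … unchanged: imports, including DOMPurify …

// target is allowed for new-tab links; the hook below pins rel="noopener noreferrer"
// so the opened page cannot reach window.opener or learn the referrer.
export const sanitizeOptions = { ADD_ATTR: ["target"] };

DOMPurify.addHook("afterSanitizeAttributes", (node) => {
  if (node.tagName === "A" && node.hasAttribute("target")) {
    node.setAttribute("rel", "noopener noreferrer");
  }
});

// … unchanged: findAndReplaceSchema, with the transform reduced to …
      .transform((val) => val && DOMPurify.sanitize(val, sanitizeOptions)),
```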