diff --git a/web/src/common/purify.ts b/web/src/common/purify.ts
index 772ee41534..78fcb61b5d 100644
--- a/web/src/common/purify.ts
+++ b/web/src/common/purify.ts
@@ -6,6 +6,10 @@ import { TemplateResult, html } from "lit";
 import { unsafeHTML } from "lit/directives/unsafe-html.js";
 import { until } from "lit/directives/until.js";
 
+export const DOM_PURIFY_STRICT: DOMPurify.Config = {
+ ALLOWED_TAGS: ["#text"],
+};
+
 export function purify(input: TemplateResult): TemplateResult {
 return html`${until(
 (async () => {
diff --git a/web/src/elements/Diagram.ts b/web/src/elements/Diagram.ts
index 41028b96b3..b8c79de3b5 100644
--- a/web/src/elements/Diagram.ts
+++ b/web/src/elements/Diagram.ts
@@ -1,4 +1,5 @@
 import { EVENT_REFRESH, EVENT_THEME_CHANGE } from "@goauthentik/common/constants";
+import { DOM_PURIFY_STRICT } from "@goauthentik/common/purify";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/EmptyState";
 import mermaid, { MermaidConfig } from "mermaid";
@@ -47,6 +48,8 @@ export class Diagram extends AKElement {
 curve: "linear",
 },
 htmlLabels: false,
+ securityLevel: "strict",
+ dompurifyConfig: DOM_PURIFY_STRICT,
 };
 mermaid.initialize(this.config);
 }
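Review bot: `DOM_PURIFY_STRICT` is an exported, mutable object that now acts as a shared sanitizer policy, so any consumer (or a library that merges options in place) can widen `ALLOWED_TAGS` for every other caller; freezing it makes the policy tamper-evident at runtime, `export const DOM_PURIFY_STRICT: Readonly<DOMPurify.Config> = Object.freeze({ ALLOWED_TAGS: ["#text"] });`. The constant also deserves a TSDoc comment stating its intent, e.g. `/** DOMPurify policy that keeps only text nodes: every element is dropped (its text content survives under DOMPurify's default KEEP_CONTENT), so sanitized output can carry no markup. */`. The `DOMPurify` namespace used in the annotation is not imported within this hunk; presumably it is imported above line 6 for `purify()`, which should be confirmed. The surrounding `purify` function continues outside the hunk.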
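Review bot: The two new Mermaid options in the `@@ -47,6 +48,8 @@` hunk are a security decision with no comment explaining why labels are deliberately text-only, and the reason will not be obvious to the next person who finds `htmlLabels: false` and a DOMPurify config that allows no elements. A one-line note above them such as `// Diagram text is sanitized to plain text: strict security level plus a DOMPurify policy that strips every element.` would record the intent. Mermaid's documented default `securityLevel` is already `"strict"` (worth confirming against the pinned version), so the explicit value mainly pins the policy against future default changes; `dompurifyConfig` is what actually tightens the sanitizer here. The `config` initializer and the enclosing `Diagram` class start outside the hunk.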