diff --git a/app/helpers/notifications/create_helper.rb b/app/helpers/notifications/create_helper.rb
index 2ab929c1fe..52f5c8f1fc 100644
--- a/app/helpers/notifications/create_helper.rb
+++ b/app/helpers/notifications/create_helper.rb
@@ -150,7 +150,7 @@ def formatted_test_results(test_results)
 
     def formatted_risk_assessments(prism_risk_assessments, risk_assessments, notification_id)
       if notification_id.nil?
-        (prism_risk_assessments.decorate + risk_assessments.decorate).map(&:supporting_information_full_title).compact.join("<br>")
+        (prism_risk_assessments.decorate + risk_assessments.decorate).map { |assessment| sanitize(assessment.supporting_information_full_title) }.compact.join("<br>")
       else
         risk_assessment_list = Investigation.find_by(pretty_id: notification_id).risk_assessments
         if risk_assessment_list.nil?
@@ -158,9 +158,10 @@ def formatted_risk_assessments(prism_risk_assessments, risk_assessments, notific
         else
           hyperlinks = ""
           risk_assessment_list.each_with_index do |risk, index|
-            hyperlinks += "<div><a class='govuk-link' href='/cases/#{notification_id}/risk-assessments/#{risk.id}'>#{(prism_risk_assessments.decorate + risk_assessments.decorate).map(&:supporting_information_full_title).compact[index]}<br></a></div>"
+            title = sanitize((prism_risk_assessments.decorate + risk_assessments.decorate).map(&:supporting_information_full_title).compact[index])
+            hyperlinks += "<div><a class='govuk-link' href='/cases/#{notification_id}/risk-assessments/#{risk.id}'>#{title}<br></a></div>"
           end
-          hyperlinks
+          hyperlinks.html_safe
         end
       end
     end