diff --git a/app/views/layouts/_one_trust.html.haml b/app/views/layouts/_one_trust.html.haml
index cf0c75704a4facd25b634123eeafa184a487531a..4fab017d273cbf3396bf7c7217ff367c4855bcf6 100644
--- a/app/views/layouts/_one_trust.html.haml
+++ b/app/views/layouts/_one_trust.html.haml
@@ -1,11 +1,13 @@
 - if one_trust_enabled?
+  - one_trust_id = sanitize(extra_config.one_trust_id, scrubber: Rails::Html::TextOnlyScrubber.new)
+
   <!-- OneTrust -->
-  = javascript_include_tag "https://cdn.cookielaw.org/consent/#{extra_config.one_trust_id}/OtAutoBlock.js"
+  = javascript_include_tag "https://cdn.cookielaw.org/consent/#{one_trust_id}/OtAutoBlock.js"
   = javascript_tag nonce: content_security_policy_nonce do
     :plain
       const oneTrustScript = document.createElement('script');
       oneTrustScript.src = 'https://cdn.cookielaw.org/scripttemplates/otSDKStub.js';
-      oneTrustScript.dataset.domainScript = '#{extra_config.one_trust_id}';
+      oneTrustScript.dataset.domainScript = '#{one_trust_id}';
       oneTrustScript.nonce = '#{content_security_policy_nonce}'
       oneTrustScript.charset = 'UTF-8';
       oneTrustScript.defer = true;
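Review bot: `sanitize(..., scrubber: Rails::Html::TextOnlyScrubber.new)` is an HTML scrubber, but `one_trust_id` is interpolated into two non-HTML sinks: a URL path segment on the `javascript_include_tag` line and a single-quoted JavaScript string literal on the `dataset.domainScript` line. Stripping tags does not neutralise quotes, backslashes or line breaks for the JS literal, nor `/`, `?` or `#` for the URL path, so the encoding does not match where the value ends up. The id is presumably a fixed-format token, so a strict allowlist is the more robust control, e.g. `one_trust_id = extra_config.one_trust_id.to_s[/\A[A-Za-z0-9-]+\z/]`, with `'#{j one_trust_id}'` in the script body as defence in depth. With that allowlist a rejected value becomes `nil`, so the block should be skipped in that case (for instance by having `one_trust_enabled?` apply the same check) rather than rendering an empty id. How `extra_config` is populated is not visible in this hunk, so the severity depends on who is able to set it.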