diff --git a/package-lock.json b/package-lock.json
index 017214e9bdc..cedd9566554 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
         "classnames": "^2.5.1",
         "css.escape": "1.5.1",
         "deep-extend": "0.6.0",
-        "dompurify": "=3.2.4",
+        "dompurify": "=3.2.6",
         "ieee754": "^1.2.1",
         "immutable": "^3.x.x",
         "js-file-download": "^0.4.12",
@@ -11066,7 +11066,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.2.4",
+      "version": "3.2.6",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.6.tgz",
+      "integrity": "sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
diff --git a/package.json b/package.json
index 10cc452bb93..523f61745d1 100644
--- a/package.json
+++ b/package.json
@@ -80,7 +80,7 @@
     "classnames": "^2.5.1",
     "css.escape": "1.5.1",
     "deep-extend": "0.6.0",
-    "dompurify": "=3.2.4",
+    "dompurify": "=3.2.6",
     "ieee754": "^1.2.1",
     "immutable": "^3.x.x",
     "js-file-download": "^0.4.12",
diff --git a/test/unit/components/markdown.jsx b/test/unit/components/markdown.jsx
index c4e72c9628d..4a5ad4123ae 100644
--- a/test/unit/components/markdown.jsx
+++ b/test/unit/components/markdown.jsx
@@ -9,7 +9,7 @@ describe("Markdown component", function () {
       const getConfigs = () => ({ useUnsafeMarkdown: true })
       const str = `<span class="method" style="border-width: 1px" data-attr="value">ONE</span>`
       const el = render(<Markdown source={str} getConfigs={getConfigs} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><span data-attr="value" style="border-width: 1px" class="method">ONE</span></p>\n</div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><span class="method" style="border-width: 1px" data-attr="value">ONE</span></p>\n</div>`)
     })
 
     it("strips class, style and data-* attribs from elements", function () {
@@ -28,13 +28,13 @@ describe("Markdown component", function () {
     it("allows image elements", function () {
       const str = `![Image alt text](http://image.source "Image title")`
       const el = render(<Markdown source={str} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><img title="Image title" alt="Image alt text" src="http://image.source"></p>\n</div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><img src="http://image.source" alt="Image alt text" title="Image title"></p>\n</div>`)
     })
 
     it("allows image elements with https scheme", function () {
       const str = `![Image alt text](https://image.source "Image title")`
       const el = render(<Markdown source={str} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><img title="Image title" alt="Image alt text" src="https://image.source"></p>\n</div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><img src="https://image.source" alt="Image alt text" title="Image title"></p>\n</div>`)
     })
 
     it("allows image elements with data scheme", function () {
@@ -58,7 +58,7 @@ describe("Markdown component", function () {
     it("allows links", function () {
       const str = `[Link](https://example.com/)`
       const el = render(<Markdown source={str} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><a rel="noopener noreferrer" target="_blank" href="https://example.com/">Link</a></p>\n</div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p><a href="https://example.com/" target="_blank" rel="noopener noreferrer">Link</a></p>\n</div>`)
     })
   })
 
@@ -67,7 +67,7 @@ describe("Markdown component", function () {
       const getConfigs = () => ({ useUnsafeMarkdown: true })
       const str = `<span class="method" style="border-width: 1px" data-attr="value">ONE</span>`
       const el = render(<OAS3Markdown source={str} getConfigs={getConfigs} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p><span data-attr="value" style="border-width: 1px" class="method">ONE</span></p></div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p><span class="method" style="border-width: 1px" data-attr="value">ONE</span></p></div>`)
     })
 
     it("strips class, style and data-* attribs from elements", function () {
@@ -80,13 +80,13 @@ describe("Markdown component", function () {
     it("allows image elements", function () {
       const str = `![Image alt text](http://image.source "Image title")`
       const el = render(<OAS3Markdown source={str} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p><img title="Image title" alt="Image alt text" src="http://image.source"></p></div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p><img src="http://image.source" alt="Image alt text" title="Image title"></p></div>`)
     })
 
     it("allows image elements with https scheme", function () {
       const str = `![Image alt text](https://image.source "Image title")`
       const el = render(<OAS3Markdown source={str} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p><img title="Image title" alt="Image alt text" src="https://image.source"></p></div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p><img src="https://image.source" alt="Image alt text" title="Image title"></p></div>`)
     })
 
     it("allows image elements with data scheme", function () {
diff --git a/test/unit/xss/markdown-script-sanitization.jsx b/test/unit/xss/markdown-script-sanitization.jsx
index 34ff2e24340..c41ff672224 100644
--- a/test/unit/xss/markdown-script-sanitization.jsx
+++ b/test/unit/xss/markdown-script-sanitization.jsx
@@ -20,7 +20,7 @@ describe("Markdown Script Sanitization", function() {
     it("sanitizes <form> elements", function() {
       const str = `"<form action='https://do.not.use.url/fake' method='post' action='java'><input type='email' id='email' placeholder='Email-address' name='email' value=''><button type='submit'>Login</button>"`
       const el = render(<Markdown source={str} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p>"</p><input value="" name="email" placeholder="Email-address" id="email" type="email"><button type="submit">Login</button>"<p></p>\n</div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="markdown"><p>"</p><input type="email" id="email" placeholder="Email-address" name="email" value=""><button type="submit">Login</button>"<p></p>\n</div>`)
     })
   })
 
@@ -40,7 +40,7 @@ describe("Markdown Script Sanitization", function() {
     it("sanitizes <form> elements", function () {
       const str = `"<form action='https://do.not.use.url/fake' method='post' action='java'><input type='email' id='email' placeholder='Email-address' name='email' value=''><button type='submit'>Login</button>"`
       const el = render(<OAS3Markdown source={str} />)
-      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p>"</p><input value="" name="email" placeholder="Email-address" id="email" type="email"><button type="submit">Login</button>"<p></p></div>`)
+      expect(el.prop("outerHTML")).toEqual(`<div class="renderedMarkdown"><p>"</p><input type="email" id="email" placeholder="Email-address" name="email" value=""><button type="submit">Login</button>"<p></p></div>`)
     })
   })
 })