diff --git a/src/common/challenge-helper.js b/src/common/challenge-helper.js
index 3b1e87de..b472f06a 100644
--- a/src/common/challenge-helper.js
+++ b/src/common/challenge-helper.js
@@ -117,6 +117,11 @@ class ChallengeHelper {
 await ensureAcessibilityToModifiedGroups(currentUser, data, challenge);
 }
 
+ // Ensure descriptionFormat is either 'markdown' or 'html'
+ if (data.descriptionFormat && !_.includes(["markdown", "html"], data.descriptionFormat)) {
+ throw new errors.BadRequestError("The property 'descriptionFormat' must be either 'markdown' or 'html'");
+ }
+
 // Ensure unchangeable fields are not changed
 if (
 _.get(challenge, "legacy.track") &&
diff --git a/src/services/ChallengeService.js b/src/services/ChallengeService.js
index c581dcce..6d0f4bbb 100644
--- a/src/services/ChallengeService.js
+++ b/src/services/ChallengeService.js
@@ -1515,6 +1515,11 @@ async function updateChallenge(currentUser, challengeId, data) {
 _.set(data, "billing.markup", markup || 0);
 }
 
+ // Make sure the user cannot change the direct project ID
+ if (data.legacy && data.legacy.directProjectId) {
+ _.unset(data, "legacy.directProjectId", directProjectId);
+ }
+
 /* BEGIN self-service stuffs */
 
 // TODO: At some point in the future this should be moved to a Self-Service Challenge Helper
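Review bot: In src/common/challenge-helper.js the new guard `data.descriptionFormat && ...` validates only truthy values, so a payload carrying `""`, `0`, `false` or `null` skips the allow-list check entirely. Whether an upstream schema already rejects those values is not visible in this hunk; if this helper is meant to be the enforcement point, test for presence rather than truthiness, e.g. `if (!_.isUndefined(data.descriptionFormat) && !_.includes(["markdown", "html"], data.descriptionFormat)) {`. Presumably the format decides how the description is later rendered, in which case an unrecognised value is better rejected here than left for the renderer to interpret. The enclosing method of ChallengeHelper starts and ends outside the hunk.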
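Review bot: In src/services/ChallengeService.js the condition `data.legacy && data.legacy.directProjectId` skips the unset when the client sends a falsy value (`0`, `""`, `null`), so the field the comment describes as unchangeable could still be overwritten or cleared by such a payload, assuming `data.legacy` is merged into the stored challenge later in updateChallenge (not visible here). `_.unset` takes only an object and a path; lodash ignores the third argument `directProjectId`, but it is still evaluated, so if no binding of that name is in scope at this point the call throws a ReferenceError. Removing the condition and the extra argument addresses both, since `_.unset` is a no-op on a missing path: `_.unset(data, "legacy.directProjectId");`. updateChallenge starts and ends outside the hunk.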