diff --git a/app/assets/javascripts/discourse/components/utilities.coffee b/app/assets/javascripts/discourse/components/utilities.coffee index 6fdaee54cf5..74258a774ca 100644 --- a/app/assets/javascripts/discourse/components/utilities.coffee +++ b/app/assets/javascripts/discourse/components/utilities.coffee @@ -91,7 +91,10 @@ Discourse.Utilities = range.select() markdownConverter: (opts)-> - converter = new Markdown.Converter() + if opts.sanitize + converter = new Markdown.getSanitizingConverter() + else + converter = new Markdown.Converter() mentionLookup = opts.mentionLookup if opts mentionLookup = mentionLookup || Discourse.Mention.lookupCache diff --git a/app/assets/javascripts/discourse/views/composer_view.js.coffee b/app/assets/javascripts/discourse/views/composer_view.js.coffee index 76bc39f5f2e..611ffd2a046 100644 --- a/app/assets/javascripts/discourse/views/composer_view.js.coffee +++ b/app/assets/javascripts/discourse/views/composer_view.js.coffee @@ -141,6 +141,7 @@ window.Discourse.ComposerView = window.Discourse.View.extend @editor = editor = new Markdown.Editor(Discourse.Utilities.markdownConverter( lookupAvatar: (username) -> Discourse.Utilities.avatarImg(username: username, size: 'tiny') + sanitize: true )) $uploadTarget = $('#reply-control')
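Review bot: The new `if opts.sanitize` dereferences `opts` unconditionally, while the context line just below it (`mentionLookup = opts.mentionLookup if opts`) shows that `markdownConverter` is expected to tolerate a missing `opts`; a call with no argument will now throw before any converter is built. Use the existential operator instead: `if opts?.sanitize`. Sanitizing is also opt-in, so any caller that omits the flag still gets the plain `Markdown.Converter()`; if other call sites render user-supplied text (none are visible in this diff), inverting the default so that callers must explicitly ask for unsanitized output would be the safer contract. `getSanitizingConverter` appears to be a factory that returns a converter, so the `new` in front of it is unnecessary. The body of `markdownConverter` continues past the end of the hunk.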
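Review bot: `sanitize: true` is passed only for the composer's `Markdown.Editor`, which presumably drives the live preview, so it covers what the author sees while typing but says nothing about how the saved post is rendered for other readers. A client-side sanitizer is not a trust boundary; the server-side rendering path, which this diff does not show, has to sanitize independently. A comment on the option would keep that clear, e.g. `# preview only: server-side rendering must sanitize independently`. The enclosing view definition starts and ends outside the hunk.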