diff --git a/fields/types/markdown/MarkdownType.js b/fields/types/markdown/MarkdownType.js
index d1afb0c2a4a..b67ce848226 100644
--- a/fields/types/markdown/MarkdownType.js
+++ b/fields/types/markdown/MarkdownType.js
@@ -1,7 +1,8 @@
 var FieldType = require('../Type');
 var marked = require('marked');
-var util = require('util');
+var sanitizeHtml = require('sanitize-html');
 var TextType = require('../text/TextType');
+var util = require('util');
 var utils = require('keystone-utils');
 /**
@@ -14,6 +15,11 @@ function markdown (list, path, options) {
 this.toolbarOptions = options.toolbarOptions || {};
 this.markedOptions = options.markedOptions || {};
+
+// See sanitize-html docs for defaults
+// .. https://www.npmjs.com/package/sanitize-html#what-are-the-default-options
+this.sanitizeOptions = options.sanitizeOptions || {};
+
 this.height = options.height || 90;
 this.wysiwyg = ('wysiwyg' in options) ? options.wysiwyg : true;
@@ -42,18 +48,29 @@ markdown.prototype.addToSchema = function (schema) {
 };
 var markedOptions = this.markedOptions;
+var sanitizeOptions = this.sanitizeOptions;
 var setMarkdown = function (value) {
-if (value === this.get(paths.md)) {
-return value;
-}
-if (typeof value === 'string') {
-this.set(paths.html, marked(value, markedOptions));
-return value;
-} else {
+// Clear if saving invalid value
+if (typeof value !== 'string') {
+this.set(paths.md, undefined);
 this.set(paths.html, undefined);
+return undefined;
+}
+
+var newMd = sanitizeHtml(value, sanitizeOptions);
 var newHtml = marked(newMd, markedOptions);
+
+// Return early if no changes to save
+if (newMd === this.get(paths.md) && newHtml === this.get(paths.html)) {
+return newMd;
+}
+
+this.set(paths.md, newMd);
+this.set(paths.html, newHtml);
+
+return newMd;
 };
 schema.nested[this.path] = true;
diff --git a/package.json b/package.json
index 3861e949d22..88817cab58b 100644
--- a/package.json
+++ b/package.json
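Review bot: In setMarkdown the sanitiser runs on the markdown source rather than on the rendered HTML, so `paths.html` receives whatever `marked` emits from markdown syntax that sanitize-html never saw — a markdown link whose href uses a scheme outside sanitize-html's default allow-list is rendered to an anchor after the sanitiser has already run, whereas applying sanitize-html to the output would have caught it. As I read sanitize-html's defaults it also HTML-escapes text nodes, so the author's markdown is rewritten on save (`> quote` becomes `&gt; quote` and no longer renders as a blockquote; `a < b` round-trips as `a &lt; b`), and the `newMd === this.get(paths.md)` early return then treats that rewritten text as canonical. I would store the author's text and sanitise the output instead: `var newMd = value;` / `var newHtml = sanitizeHtml(marked(value, markedOptions), sanitizeOptions);`, and say in the hunk-2 comment that `sanitizeOptions` applies to the rendered HTML. The `markdown.prototype.addToSchema` function enclosing setMarkdown starts and ends outside the hunk.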
@@ -35,8 +35,8 @@
 "cookie-parser": "1.4.3",
 "debug": "2.6.0",
 "display-name": "0.1.0",
-"ejs": "2.5.5",
 "dumb-passwords": "^0.2.1",
+"ejs": "2.5.5",
 "elemental": "0.6.1",
 "embedly": "2.1.0",
 "errorhandler": "1.5.0",
@@ -87,6 +87,7 @@
 "redux-saga": "0.14.3",
 "redux-thunk": "2.2.0",
 "sanitize-filename": "1.6.1",
+"sanitize-html": "^1.14.1",
 "scmp": "1.0.2",
 "semver": "5.3.0",
 "serve-favicon": "2.3.2",