diff --git a/src/core/mainconfig.cpp b/src/core/mainconfig.cpp
index a9e7254c90..fcf6fff0f9 100644
--- a/src/core/mainconfig.cpp
+++ b/src/core/mainconfig.cpp
@@ -119,4 +119,5 @@ QString MainConfig::getVersion(const QJsonObject &p_jobj)
 void MainConfig::doVersionSpecificOverride()
 {
     // In a new version, we may want to change one value by force.
+    m_editorConfig->getMarkdownEditorConfig().m_protectFromXss = true;
 }
diff --git a/src/core/markdowneditorconfig.h b/src/core/markdowneditorconfig.h
index 97d2701c8e..9a92464d4e 100644
--- a/src/core/markdowneditorconfig.h
+++ b/src/core/markdowneditorconfig.h
@@ -231,7 +231,7 @@ namespace vnotex
         bool m_fetchImagesInParseAndPaste = true;
 
         // Whether protect from Cross-Site Scripting.
-        bool m_protectFromXss = false;
+        bool m_protectFromXss = true;
 
         // Whether allow HTML tag in Markdown source.
         bool m_htmlTagEnabled = true;
diff --git a/src/data/core/vnotex.json b/src/data/core/vnotex.json
index 29300e95b0..84ac467e6b 100644
--- a/src/data/core/vnotex.json
+++ b/src/data/core/vnotex.json
@@ -462,7 +462,7 @@
             "//comment" : "Whether fetch images to local in Parse To Markdown And Paste",
             "fetch_images_in_parse_and_paste" : true,
             "//comment" : "Whether protect from Cross-Site Scripting attack",
-            "protect_from_xss" : false,
+            "protect_from_xss" : true,
             "//comment" : "Whether allow HTML tags in source",
             "html_tag" : true,
             "//comment" : "Whether auto break a line with '\\n'",