diff --git a/browser/components/MarkdownPreview.js b/browser/components/MarkdownPreview.js
index 17d2cb82..7bfd8a10 100755
--- a/browser/components/MarkdownPreview.js
+++ b/browser/components/MarkdownPreview.js
@@ -625,11 +625,16 @@ export default class MarkdownPreview extends React.Component {
       indentSize,
       showCopyNotification,
       storagePath,
-      noteKey
+      noteKey,
+      sanitize
     } = this.props
     let { value, codeBlockTheme } = this.props
 
     this.refs.root.contentWindow.document.body.setAttribute('data-theme', theme)
+    if (sanitize === 'NONE') {
+      const splitWithCodeTag = value.split('```')
+      value = attachmentManagement.escapeHtmlCharactersInCodeTag(splitWithCodeTag)
+    }
     const renderedHTML = this.markdown.render(value)
     attachmentManagement.migrateAttachments(value, storagePath, noteKey)
     this.refs.root.contentWindow.document.body.innerHTML = attachmentManagement.fixLocalURLS(
diff --git a/browser/main/lib/dataApi/attachmentManagement.js b/browser/main/lib/dataApi/attachmentManagement.js
index 373efddc..43136bc0 100644
--- a/browser/main/lib/dataApi/attachmentManagement.js
+++ b/browser/main/lib/dataApi/attachmentManagement.js
@@ -7,6 +7,7 @@ const fse = require('fs-extra')
 const escapeStringRegexp = require('escape-string-regexp')
 const sander = require('sander')
 import i18n from 'browser/lib/i18n'
+import { escapeHtmlCharacters } from '../../../lib/utils'
 
 const STORAGE_FOLDER_PLACEHOLDER = ':storage'
 const DESTINATION_FOLDER = 'attachments'
@@ -220,6 +221,31 @@ function migrateAttachments (markdownContent, storagePath, noteKey) {
   }
 }
 
+/**
+ * @description Convert special characters between ```
+ * @param {string[]} splitWithCodeTag Array of HTML strings separated by ```
+ * @returns {string} HTML in which special characters between ``` have been converted
+ */
+function escapeHtmlCharactersInCodeTag (splitWithCodeTag) {
+  for (let index = 0; index < splitWithCodeTag.length; index++) {
+    const codeTagRequired = (splitWithCodeTag[index] !== '\`\`\`' && index < splitWithCodeTag.length - 1)
+    if (codeTagRequired) {
+      splitWithCodeTag.splice((index + 1), 0, '\`\`\`')
+    }
+  }
+  let inCodeTag = false
+  let result = ''
+  for (let content of splitWithCodeTag) {
+    if (content === '\`\`\`') {
+      inCodeTag = !inCodeTag
+    } else if (inCodeTag) {
+      content = escapeHtmlCharacters(content)
+    }
+    result += content
+  }
+  return result
+}
+
 /**
  * @description Fixes the URLs embedded in the generated HTML so that they again refer actual local files.
  * @param {String} renderedHTML HTML in that the links should be fixed
@@ -574,6 +600,7 @@ function handleAttachmentLinkPaste (storageKey, noteKey, linkText) {
 module.exports = {
   copyAttachment,
   fixLocalURLS,
+  escapeHtmlCharactersInCodeTag,
   generateAttachmentMarkdown,
   handleAttachmentDrop,
   handlePastImageEvent,