From 3fdfb1d99cc37f645fa1f041fa0bd1bea333a54d Mon Sep 17 00:00:00 2001 From: JamieH Date: Tue, 13 Sep 2016 15:29:13 +0100 Subject: [PATCH] Fix XSS in the preview functionality By default this library uses the including preview page, which doesn't make use of the markdown_safe function. I changed the page to use markdown_safe so that this page wouldn't allow XSS by default. --- django_markdown/templates/django_markdown/preview.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django_markdown/templates/django_markdown/preview.html b/django_markdown/templates/django_markdown/preview.html index 718cadb..836b3a9 100644 --- a/django_markdown/templates/django_markdown/preview.html +++ b/django_markdown/templates/django_markdown/preview.html @@ -9,7 +9,7 @@ -{{ content|markdown }} +{{ content|markdown_safe }}
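Review bot: the switch from `markdown` to `markdown_safe` at line 9 of django_markdown/templates/django_markdown/preview.html is the right default, but the patch ships no regression test; add one that submits a preview body containing raw HTML (a script tag, for example) and asserts the rendered response has it escaped or stripped, so the unsafe filter cannot be reintroduced silently. The hunk's surrounding context lines (`@@ -9,7 +9,7 @@`) have been lost in extraction, so also confirm in the actual file that the template's load tag already provides `markdown_safe`, otherwise the preview page will raise a template error instead of rendering. Finally, note in the changelog that preview output is now sanitized, since users who relied on raw HTML passing through the preview will see different behaviour after this change.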