
@tuxcanfly
Created August 13, 2010 08:34
diff --git a/markupfield/fields.py b/markupfield/fields.py
index 9398b0d..e3fa355 100644
--- a/markupfield/fields.py
+++ b/markupfield/fields.py
@@ -1,6 +1,8 @@
from django.conf import settings
from django.db import models
from django.utils.safestring import mark_safe
+from django.utils.html import escape
+
from markupfield import widgets
from markupfield import markup
@@ -124,7 +126,7 @@ class MarkupField(models.TextField):
raise ValueError('Invalid markup type (%s), allowed values: %s' %
(value.markup_type,
', '.join(self.markup_choices_list)))
- rendered = self.markup_choices_dict[value.markup_type](value.raw)
+ rendered = self.markup_choices_dict[value.markup_type](escape(value.raw))
setattr(model_instance, _rendered_field_name(self.attname), rendered)
return value.raw
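Review bot: The new `escape(value.raw)` call runs for every configured markup type, so HTML-escaping happens before the renderer sees the text and changes its input. Markdown blockquotes (`>` becomes `&gt;`) and any renderer that already escapes its input would likely come out broken or double-escaped. Pre-escaping also only neutralises literal tags in the source. It does not constrain what the renderer itself emits, such as link targets with unsafe URL schemes or reST directives, so if the rendered value is later passed through `mark_safe` (imported in this file, use not visible here) the output still needs allowlist sanitisation. I would make the escaping opt-in per field, e.g. `raw = escape(value.raw) if self.escape_html else value.raw` with a new `escape_html` constructor option, and document that it is not a substitute for sanitising the rendered HTML. The enclosing method starts outside this hunk, so how `rendered` is consumed could not be checked from here.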