4 files changed, 5 insertions, 5 deletions

diff --git a/news/views.py b/news/views.py
index 03f3b0ac..c0230f1e 100644
--- a/news/views.py
+++ b/news/views.py
@@ -76,7 +76,7 @@ def view_redirect(request, object_id):
 @require_POST
 def preview(request):
     data = request.POST.get('data', '')
-    markup = markdown.markdown(data)
+    markup = markdown.markdown(data, safe_mode=True)
     return HttpResponse(markup)
 
 # vim: set ts=4 sw=4 et:
diff --git a/templates/feeds/news_description.html b/templates/feeds/news_description.html
index e75d0af7..77830367 100644
--- a/templates/feeds/news_description.html
+++ b/templates/feeds/news_description.html
@@ -1,3 +1,3 @@
 {% load markup %}
 <p>{{obj.author.get_full_name}} wrote:</p>
-{{ obj.content|markdown }}
\ No newline at end of file
+{{ obj.content|markdown:'safe' }}
diff --git a/templates/news/view.html b/templates/news/view.html
index 445f0398..b6c06b28 100644
--- a/templates/news/view.html
+++ b/templates/news/view.html
@@ -28,6 +28,6 @@
 
     <p class="article-info">{{ news.postdate|date }} - {{ news.author.get_full_name }}</p>
 
-    <div class="article-content" itemprop="articleBody">{{ news.content|markdown }}</div>
+    <div class="article-content" itemprop="articleBody">{{ news.content|markdown:'safe' }}</div>
 </div>
 {% endblock %}
diff --git a/templates/public/index.html b/templates/public/index.html
index 000a527b..762433a4 100644
--- a/templates/public/index.html
+++ b/templates/public/index.html
@@ -53,8 +53,8 @@
     </h4>
     <p class="timestamp">{{ news.postdate|date }}</p>
     <div class="article-content">
-        {% if forloop.counter0 == 0 %}{{ news.content|markdown|truncatewords_html:300 }}
-        {% else %}{{ news.content|markdown|truncatewords_html:100 }}{% endif %}
+        {% if forloop.counter0 == 0 %}{{ news.content|markdown:'safe'|truncatewords_html:300 }}
+        {% else %}{{ news.content|markdown:'safe'|truncatewords_html:100 }}{% endif %}
     </div>
     {% else %}
     {% if forloop.counter0 == 5 %}