fixed possible markdown xss

cookbook/templatetags/custom_tags.py

@@ -1,5 +1,7 @@
 from django import template
 import markdown as md
+import bleach
+from bleach_whitelist import markdown_tags, markdown_attrs
 
 register = template.Library()
 
@@ -11,4 +13,4 @@ def get_class(value):
 
 @register.filter()
 def markdown(value):
-    return md.markdown(value, extensions=['markdown.extensions.fenced_code'])
+    return bleach.clean(md.markdown(value, extensions=['markdown.extensions.fenced_code']), markdown_tags, markdown_attrs)

requirements.txt

@@ -7,6 +7,8 @@ djangorestframework
 django-autocomplete-light
 django-emoji-picker
 django-cleanup
+bleach
+bleach-whitelist
 six
 requests
 markdown