[oinopion]

XSS open. http://github.com/ninjagod/patchbin/issues#issue/1

[antileet]

I disabled escaping because it had trouble rendering XML code. I thought it was safe but I was wrong.

Fixing now. Thanks! [edit] fixed

[oinopion]

I played a bit with code and I think you could benefit from reading:

http://www.python.org/dev/peps/pep-0008/

http://docs.djangoproject.com/en/dev/topics/forms/

http://docs.djangoproject.com/en/dev/topics/db/models/#many-...