Escape alt text in templatetag before marking safe.

Thanks to
Santos Gallegos at Read the Docs for reporting this issue.

Author: twaddington

django_gravatar/templatetags/gravatar.py

@@ -36,7 +36,7 @@ def gravatar(user_or_email, size=GRAVATAR_DEFAULT_SIZE, alt_text='', css_class='
     return mark_safe(
         '<img class="{css_class}" src="{src}" width="{width}"'
         ' height="{height}" alt="{alt}" />'.format(
-            css_class=css_class, src=url, width=size, height=size, alt=alt_text
+            css_class=css_class, src=url, width=size, height=size, alt=escape(alt_text)
         )
     )