Prevent XSS attacks with wmd using the google-caja html sanitizer.

[osqa.git] / forum / skins / default / templates / ask.html

diff --git a/forum/skins/default/templates/ask.html b/forum/skins/default/templates/ask.html
index 26f5fae95bd6264811f1317c66cc6650c5076f07..ec5b1a8e80d6ac2fd5fb38cd541f9bdc9a1beff9 100644 (file)
--- a/forum/skins/default/templates/ask.html
+++ b/forum/skins/default/templates/ask.html
@@ -5,6 +5,7 @@
 {% block forejs %}
         <script type='text/javascript' src='{% media  "/media/js/wmd/showdown.js" %}'></script>
         <script type='text/javascript' src='{% media  "/media/js/wmd/wmd.js" %}'></script>
+        <script type='text/javascript' src='{% media  "/media/js/html_sanitizer.js" %}'></script>
         <link rel="stylesheet" type="text/css" href="{% media  "/media/js/wmd/wmd.css" %}" />
         <script type="text/html" id="question-summary-template">
             <div class="answer-summary">
@@ -94,6 +95,7 @@
 <div id="main-body" class="ask-body">
     <div id="askform">
         <form id="fmask" action="" method="post" accept-charset="utf-8">
+            {% csrf_token %}
                        {% if not request.user.is_authenticated %}
             <div class="message">
                 <span class="strong big">{% trans "You are welcome to start submitting your question anonymously." %}</span>