Prevent XSS attacks with wmd using the google-caja html sanitizer.

[osqa.git] / forum / skins / default / templates / question_edit.html

diff --git a/forum/skins/default/templates/question_edit.html b/forum/skins/default/templates/question_edit.html
index 417707472819e3eb644fd3f43d213c93a2c7066e..4f4395080af6cc136e1e8796111129f745f13941 100644 (file)
--- a/forum/skins/default/templates/question_edit.html
+++ b/forum/skins/default/templates/question_edit.html
@@ -6,6 +6,7 @@
 {% block forejs %}
         <script type='text/javascript' src='{% media  "/media/js/wmd/showdown.js" %}'></script>
         <script type='text/javascript' src='{% media  "/media/js/wmd/wmd.js" %}'></script>
+        <script type='text/javascript' src='{% media  "/media/js/html_sanitizer.js" %}'></script>
         <link rel="stylesheet" type="text/css" href="{% media  "/media/js/wmd/wmd.css" %}" />
         <script type="text/javascript">
                //todo move javascript out        
@@ -92,7 +93,8 @@
 </div>
 <div id="main-body" class="ask-body">
     <div id="askform">
-        <form id="fmedit" action="" method="post" >
+        <form id="fmedit" action="" method="post">
+            {% csrf_token %}
             <label for="id_revision" ><strong>{% trans "revision" %}:</strong></label> <br/> 
             {% if revision_form.revision.errors %}{{ revision_form.revision.errors.as_ul }}{% endif %}
             <div style="vertical-align:middle">