Prevent XSS attacks with wmd using the google-caja html sanitizer.

[osqa.git] / forum / skins / default / templates / answer_edit.html

diff --git a/forum/skins/default/templates/answer_edit.html b/forum/skins/default/templates/answer_edit.html
index 985adddc84829781f5f1babff6a8e92226ea7ef2..3201dd26de651966b3c59b537a3f3a33f5ab650f 100644 (file)
--- a/forum/skins/default/templates/answer_edit.html
+++ b/forum/skins/default/templates/answer_edit.html
@@ -6,6 +6,7 @@
 {% block forejs %}
         <script type='text/javascript' src='{% media  "/media/js/wmd/showdown.js" %}'></script>
         <script type='text/javascript' src='{% media  "/media/js/wmd/wmd.js" %}'></script>
+        <script type='text/javascript' src='{% media  "/media/js/html_sanitizer.js" %}'></script>
         <link rel="stylesheet" type="text/css" href="{% media  "/media/js/wmd/wmd.css" %}" />
         <script type="text/javascript">
         
@@ -63,7 +64,8 @@
 </div>
 <div id="main-body" class="ask-body">
     <div id="askform">
-        <form id="fmedit" action="{% url edit_answer answer.id %}" method="post" >
+        <form id="fmedit" action="{% url edit_answer answer.id %}" method="post">
+            {% csrf_token %}
             <label for="id_revision" ><strong>{% trans "revision" %}:</strong></label> <br/> 
             {% if revision_form.revision.errors %}{{ revision_form.revision.errors.as_ul }}{% endif %}
             <div>