]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/skins/default/templates/question.html
projects / osqa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Prevent XSS attacks with wmd using the google-caja html sanitizer.
[osqa.git] / forum / skins / default / templates / question.html
diff --git a/forum/skins/default/templates/question.html b/forum/skins/default/templates/question.html
index 0a75abae5fc4cd4a9baa6e0cfdc7c46762866322..228285730fd1946d0fbfe269fd765e4b6d94d203 100644 (file)
--- a/forum/skins/default/templates/question.html
+++ b/forum/skins/default/templates/question.html
@@ -3,29 +3,81 @@
 {% load node_tags %}\r
 {% load extra_tags %}\r
 {% load extra_filters %}\r
+{% load general_sidebar_tags %}\r
 {% load smart_if %}\r
 {% load humanize %}\r
 {% load i18n %}\r
 {% load cache %}\r
+{% block metadescription %}{{ question.meta_description }}{% endblock %}\r
+{% block metakeywords %}{{question.tagname_meta_generator}}{% endblock %}\r
+{% block meta %}\r
+        <link rel="canonical" href="{{settings.APP_BASE_URL}}{{question.get_absolute_url}}" />\r
+        <link rel="alternate" type="application/rss+xml" title="RSS" href="{{ question.get_absolute_url }}?type=rss">\r
+{% endblock %}\r
 {% block title %}{% spaceless %}{{ question.headline }}{% endspaceless %}{% endblock %}\r
 {% block forejs %}\r
-        <meta name="description" content="{{question.summary}}" />\r
-        <meta name="keywords" content="{{question.tagname_meta_generator}}" />\r
-        <link rel="canonical" href="{{settings.APP_URL}}{{question.get_absolute_url}}" />\r
-        {% if not question.closed %}\r
+        {% if not question.nis.closed %}\r
+        <script type='text/javascript' src='{% media  "/media/js/osqa.question.js" %}'></script>\r
+        <script type='text/javascript' src='{% media  "/media/js/jquery.caret.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/showdown.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/wmd.js" %}'></script>\r
+        <script type='text/javascript' src='{% media  "/media/js/html_sanitizer.js" %}'></script>\r
         <link rel="stylesheet" type="text/css" href="{% media  "/media/js/wmd/wmd.css" %}" />\r
+\r
+        {% if embed_youtube_videos %}\r
+        <script type='text/javascript' src='{% media  "/media/js/viewbox_min.js" %}'></script>\r
+        <script type='text/javascript' src='{% media  "/media/js/youtube.js" %}'></script>\r
+        <link rel="stylesheet" type="text/css" href="{% media  "/media/js/viewbox.css" %}" />\r
+        {% endif %}\r
         {% endif %}\r
 \r
         <script type="text/javascript">\r
         $().ready(function(){\r
             $("#nav_questions").attr('className',"on");\r
             var answer_sort_tab = "{{ tab_id }}";\r
-            $("#" + answer_sort_tab).attr('className',"on");\r
+\r
+            if (answer_sort_tab) {\r
+                $("#" + answer_sort_tab).attr('className',"on");\r
+            }\r
 \r
             $('#editor').TextAreaResizer();\r
+\r
+            //toggle preview of editor\r
+            var display = true;\r
+            var txt = "[{% trans "hide preview" %}]";\r
+            $('#pre-collapse').text(txt);\r
+            $('#pre-collapse').bind('click', function(){\r
+                txt = display ? "[{% trans "show preview" %}]" : "[{% trans "hide preview" %}]";\r
+                display = !display;\r
+                $('#previewer').toggle();\r
+                $('#pre-collapse').text(txt);\r
+            });\r
         });\r
+\r
+        function submitClicked(e, f) {\r
+            if(!(browserTester('chrome') || browserTester('safari'))) {\r
+                $("input.submit")[0].disabled=true;\r
+            }\r
+            window.removeEventListener('beforeunload', beforeUnload, true);\r
+            if (f) {\r
+                f.submit();\r
+            }\r
+        }\r
+\r
+        function beforeUnload(e) {\r
+\r
+            if($("textarea#editor")[0].value != "") {\r
+                return yourWorkWillBeLost(e);\r
+            }\r
+\r
+            var commentBoxes = $("textarea.commentBox");\r
+            for(var index = 0; index < commentBoxes.length; index++) {\r
+                if(commentBoxes[index].value != "") {\r
+                    return yourWorkWillBeLost(e);\r
+                }\r
+            }\r
+        }\r
+        window.addEventListener('beforeunload', beforeUnload, true);\r
         </script>\r
         <noscript>\r
             <style>\r
@@ -44,11 +96,11 @@
         \r
 {% block content %}\r
 <div class="headNormal">\r
-    <a href="{{ question.get_absolute_url }}">{{ question.headline }}</a>\r
+    <h1><a href="{{ question.get_absolute_url }}">{{ question.headline }}</a></h1>\r
 </div>\r
 <div id="main-body" class="">\r
     <div id="askform">\r
-            <table style="width:100%;" id="question-table" {% if question.deleted %}class="deleted"{%endif%}>\r
+            <table style="width:100%;" id="question-table" {% post_classes question %}>\r
                 <tr>\r
                     <td style="width:30px;vertical-align:top">\r
                         <div class="vote-buttons">\r
@@ -61,14 +113,15 @@
                             <div class="question-body">\r
                                 {{ question.html|safe }}\r
                             </div>\r
-                            <div id="question-controls" class="post-controls">\r
-                                <div id="question-tags" class="tags">\r
-                                    {% for tag in question.tagname_list %}\r
-                                        <a href="{% url tag_questions tag|urlencode %}" class="post-tag"\r
-                                            title="{% blocktrans with tag as tagname %}see questions tagged '{{ tagname }}'{% endblocktrans %}" rel="tag">{{ tag }}</a>\r
-                                    {% endfor %}\r
-                                </div>\r
+                            <div id="question-tags" class="tags-container tags">\r
+                                {% for tag in question.tagname_list %}\r
+                                    <a href="{% url tag_questions tag|urlencode %}" class="post-tag tag-link-{{ tag }}"\r
+                                        title="{% blocktrans with tag as tagname %}see questions tagged '{{ tagname }}'{% endblocktrans %}" rel="tag">{{ tag }}</a>\r
+                                {% endfor %}\r
+                            </div>\r
+                            <div id="question-controls" class="post-controls">                            \r
                                 {% post_controls question request.user %}\r
+                                {% wiki_symbol request.user question %}\r
                             </div>\r
                             <div class="post-update-info-container">\r
                                     {% contributors_info question %}\r
@@ -79,14 +132,12 @@
                     </td>\r
                 </tr>\r
             </table>\r
-            {% if question.marked %}\r
+            {% if question.nis.closed %}\r
             <div class="question-status" style="margin-bottom:15px">\r
             <h3>\r
-                {% blocktrans with question.closed.extra as close_reason %}\r
-                    The question has been closed for the following reason "{{ close_reason }}" by\r
-                {% endblocktrans %}\r
-                <a href="{{ question.closed.by.get_profile_url }}">{{ question.closed.by.username }}</a>\r
-                 {% diff_date question.closed.at %}\r
+                {% blocktrans with question.nstate.closed.extra as close_reason %}The question has been closed for the following reason "{{ close_reason }}" by{% endblocktrans %}\r
+                <a href="{{ question.nstate.closed.by.get_profile_url }}">{{ question.nstate.closed.by.username }}</a>\r
+                 {% diff_date question.nstate.closed.at %}\r
             </h3>\r
             </div>\r
             {% endif %}\r
@@ -95,26 +146,15 @@
                 <div class="tabBar">\r
                     <a name="sort-top"></a>\r
                     <div class="headQuestions">\r
-                    {% blocktrans count answers|length as counter %}\r
-                    One Answer:\r
-                    {% plural %}\r
-                    {{counter}} Answers:\r
-                    {% endblocktrans %}\r
-                    </div>\r
-                    <div class="tabsA">\r
-                         <a id="oldest" href="{{ question.get_absolute_url }}?sort=oldest#sort-top"\r
-                            title="{% trans "oldest answers will be shown first" %}">{% trans "oldest answers" %}</a>\r
-                        <a id="latest" href="{{ question.get_absolute_url }}?sort=latest#sort-top"\r
-                            title="{% trans "newest answers will be shown first" %}">{% trans "newest answers" %}</a>\r
-                        <a id="votes" href="{{ question.get_absolute_url }}?sort=votes#sort-top" \r
-                            title="{% trans "most voted answers will be shown first" %}">{% trans "popular answers" %}</a>   \r
+                    {% blocktrans count answers.paginator.count as counter %}One Answer:{% plural %}{{counter}} Answers:{% endblocktrans %}\r
                     </div>\r
+                    {{ answers.paginator.sort_tabs }}\r
                 </div>\r
-                {% cnprog_paginator context %}\r
+                {{ answers.paginator.page_numbers }}\r
   \r
-                {% for answer in answers %}\r
+                {% for answer in answers.paginator.page %}\r
                     <a name="{{ answer.id }}"></a>\r
-                    <div id="answer-container-{{ answer.id }}" class="answer {% if answer.accepted %}accepted-answer{% endif %} {% ifequal answer.author_id question.author_id %} answered-by-owner{% endifequal %} {% if answer.deleted %}deleted{% endif %}">\r
+                    <div id="answer-container-{{ answer.id }}" class="answer {% post_classes answer %}{% ifequal answer.id focused_answer_id %} focusedAnswer{% endifequal %}">\r
                         <table style="width:100%;">\r
                             <tr>\r
                                 <td style="width:30px;vertical-align:top">\r
@@ -130,6 +170,7 @@
                                         </div>\r
                                         <div class="answer-controls post-controls">\r
                                             {% post_controls answer request.user %}\r
+                                            {% wiki_symbol request.user answer %}\r
                                         </div>\r
                                         <div class="post-update-info-container">\r
                                             {% contributors_info answer %}\r
@@ -142,10 +183,11 @@
                     </div>\r
                 {% endfor %}\r
                 <div class="paginator-container-left">\r
-                    {% cnprog_paginator context %}\r
+                    {{ answers.paginator.page_numbers }}\r
                 </div>\r
             {% endif %}\r
         <form id="fmanswer" action="{% url answer question.id %}" method="post">\r
+            {% csrf_token %}\r
             <div style="clear:both">\r
             </div>\r
             \r
@@ -161,17 +203,23 @@
                     </div>\r
                     {% endspaceless %}\r
                 </div>\r
+                {% comment %}\r
                 {% if not request.user.is_authenticated %}\r
-                    <div class="message">{% trans "you can answer anonymously and then login" %}</div>\r
+                    <div class="message">{% trans "You can answer anonymously and then login." %}</div>\r
                 {% else %}\r
                     <p class="message">\r
                         {% ifequal request.user question.author  %}\r
-                            {% trans "answer your own question only to give an answer" %}\r
+                            {% trans "Answer your own question only to give an answer." %}\r
                         {% else %}\r
-                            {% trans "please only give an answer, no discussions" %}\r
+                            {% trans "Please only give an answer, no discussions." %}\r
                         {% endifequal %}\r
+                        {% if not request.user.email_valid_and_can_answer %}\r
+                            {% blocktrans %}Remember, your answer will not be published until you validate your email.{% endblocktrans %}\r
+                            <a href="{% url send_validation_email %}">{% trans "Send me a validation link." %}</a>\r
+                        {% endif %}\r
                     </p>\r
                 {% endif %}\r
+                {% endcomment %}\r
 \r
                 <div id="description" class="" >\r
                     <div id="wmd-button-bar" class="wmd-panel"></div>\r
@@ -185,6 +233,7 @@
                                             {% trans "toggle preview" %}\r
                                     </span>\r
                                 </td>\r
+                                <td style="text-align: right;" id="editor-metrics"></td>\r
                                 {% if settings.WIKI_ON %}\r
                                 <td style="text-align:right;">\r
                                     {{ answer.wiki }} \r
@@ -198,11 +247,20 @@
                         \r
                         </table>  \r
                     </div>\r
-                    <div id="previewer" class="wmd-preview"></div>\r
                     {{ answer.text.errors }}\r
+                    <div id="previewer" class="wmd-preview"></div>\r
                 </div>\r
+\r
+                   {% if answer.recaptcha %}\r
+                   <div class="question-captcha" style="float: left;">\r
+                       {{ answer.recaptcha.errors }}\r
+                       {{ answer.recaptcha }}\r
+                   </div>\r
+                   <div class="clear"></div>\r
+                   {% endif %}\r
+                \r
                 <p><span class="form-error"></span></p>\r
-                <input type="submit" \r
+                <input type="button"\r
                     {% if user.is_anonymous %}\r
                         value="{% trans "Login/Signup to Post Your Answer" %}" \r
                     {% else %}\r
@@ -212,7 +270,7 @@
                         value="{% trans "Answer the question" %}" \r
                         {% endif %}\r
                     {% endif %}\r
-                    class="submit" style="float:left"/>\r
+                    class="submit" style="float:left" onclick="submitClicked(event, this.form)"/>\r
             {% endif %}\r
         </form>\r
     </div>\r
@@ -223,15 +281,21 @@
 <div class="boxC" id="subscription_box">\r
     {% include "subscription_status.html" %}\r
 </div>\r
+\r
+{% markdown_help %}\r
+\r
+{% sidebar_upper %}\r
+\r
 {% cache 60 questions_tags settings.APP_URL question.id %}\r
 <div class="boxC">\r
     <p>\r
                {% trans "Question tags" %}:\r
     </p>\r
     <p class="tags" >\r
-        {% for tag in tags %}\r
-               <a href="{% url tag_questions tag.name|urlencode %}" \r
-                       title="{% trans "see questions tagged"%}'{{tag.name}}'{% trans "using tags" %}" \r
+        {% for tag in question.tags.all %}\r
+               <a href="{% url tag_questions tag.name|urlencode %}"\r
+            class="tag-link-{{ tag.name }}"\r
+                       title="{% trans "see questions tagged"%}'{{tag.name}}'{% trans "using tags" %}"\r
                        rel="tag">{{ tag.name }}</a> <span class="tag-number">&#215;{{ tag.used_count|intcomma }}</span><br/>\r
         {% endfor %}\r
     </p>\r
@@ -246,6 +310,7 @@
     </p>\r
 </div>\r
 {% endcache %}\r
+{% sidebar_lower %}\r
 <div class="boxC">\r
     <h3 class="subtitle">{% trans "Related questions" %}</h3>\r
     <div class="questions-related">\r
OSQA