]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/skins/default/templates/question.html
Prevent XSS attacks with wmd using the google-caja html sanitizer.
[osqa.git] / forum / skins / default / templates / question.html
index 7afcf407e372a7d94e72f15ad5f3745053140850..228285730fd1946d0fbfe269fd765e4b6d94d203 100644 (file)
@@ -8,16 +8,27 @@
 {% load humanize %}\r
 {% load i18n %}\r
 {% load cache %}\r
-{% block metadescription %}{{question.summary}}{% endblock %}\r
+{% block metadescription %}{{ question.meta_description }}{% endblock %}\r
 {% block metakeywords %}{{question.tagname_meta_generator}}{% endblock %}\r
+{% block meta %}\r
+        <link rel="canonical" href="{{settings.APP_BASE_URL}}{{question.get_absolute_url}}" />\r
+        <link rel="alternate" type="application/rss+xml" title="RSS" href="{{ question.get_absolute_url }}?type=rss">\r
+{% endblock %}\r
 {% block title %}{% spaceless %}{{ question.headline }}{% endspaceless %}{% endblock %}\r
 {% block forejs %}\r
-        <link rel="canonical" href="{{settings.APP_URL}}{{question.get_absolute_url}}" />\r
-        <link rel="alternate" type="application/rss+xml" title="RSS" href="{{ question.get_absolute_url }}?type=rss">\r
         {% if not question.nis.closed %}\r
+        <script type='text/javascript' src='{% media  "/media/js/osqa.question.js" %}'></script>\r
+        <script type='text/javascript' src='{% media  "/media/js/jquery.caret.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/showdown.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/wmd.js" %}'></script>\r
+        <script type='text/javascript' src='{% media  "/media/js/html_sanitizer.js" %}'></script>\r
         <link rel="stylesheet" type="text/css" href="{% media  "/media/js/wmd/wmd.css" %}" />\r
+\r
+        {% if embed_youtube_videos %}\r
+        <script type='text/javascript' src='{% media  "/media/js/viewbox_min.js" %}'></script>\r
+        <script type='text/javascript' src='{% media  "/media/js/youtube.js" %}'></script>\r
+        <link rel="stylesheet" type="text/css" href="{% media  "/media/js/viewbox.css" %}" />\r
+        {% endif %}\r
         {% endif %}\r
 \r
         <script type="text/javascript">\r
             });\r
         });\r
 \r
-        function submitClicked(e) {\r
-            if(!is_chrome)$("input.submit")[0].disabled=true;\r
+        function submitClicked(e, f) {\r
+            if(!(browserTester('chrome') || browserTester('safari'))) {\r
+                $("input.submit")[0].disabled=true;\r
+            }\r
             window.removeEventListener('beforeunload', beforeUnload, true);\r
+            if (f) {\r
+                f.submit();\r
+            }\r
         }\r
 \r
         function beforeUnload(e) {\r
-            var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1;\r
 \r
             if($("textarea#editor")[0].value != "") {\r
-                if(is_chrome) {\r
-                    return "You sure you want to leave?  Your work will be lost.";\r
-                } else {\r
-                    yourWorkWillBeLost(e);\r
-                }\r
-                return false;\r
+                return yourWorkWillBeLost(e);\r
             }\r
 \r
             var commentBoxes = $("textarea.commentBox");\r
             for(var index = 0; index < commentBoxes.length; index++) {\r
                 if(commentBoxes[index].value != "") {\r
-                    if(is_chrome) {\r
-                        return "You sure you want to leave?  Your work will be lost.";\r
-                    } else {\r
-                        yourWorkWillBeLost(e);\r
-                    }\r
-                    return false;\r
+                    return yourWorkWillBeLost(e);\r
                 }\r
             }\r
         }\r
         window.addEventListener('beforeunload', beforeUnload, true);\r
-\r
-        var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1;\r
         </script>\r
         <noscript>\r
             <style>\r
                             </div>\r
                             <div id="question-tags" class="tags-container tags">\r
                                 {% for tag in question.tagname_list %}\r
-                                    <a href="{% url tag_questions tag|urlencode %}" class="post-tag"\r
+                                    <a href="{% url tag_questions tag|urlencode %}" class="post-tag tag-link-{{ tag }}"\r
                                         title="{% blocktrans with tag as tagname %}see questions tagged '{{ tagname }}'{% endblocktrans %}" rel="tag">{{ tag }}</a>\r
                                 {% endfor %}\r
                             </div>\r
   \r
                 {% for answer in answers.paginator.page %}\r
                     <a name="{{ answer.id }}"></a>\r
-                    <div id="answer-container-{{ answer.id }}" class="answer {% post_classes answer %}">\r
+                    <div id="answer-container-{{ answer.id }}" class="answer {% post_classes answer %}{% ifequal answer.id focused_answer_id %} focusedAnswer{% endifequal %}">\r
                         <table style="width:100%;">\r
                             <tr>\r
                                 <td style="width:30px;vertical-align:top">\r
                 </div>\r
             {% endif %}\r
         <form id="fmanswer" action="{% url answer question.id %}" method="post">\r
+            {% csrf_token %}\r
             <div style="clear:both">\r
             </div>\r
             \r
                                             {% trans "toggle preview" %}\r
                                     </span>\r
                                 </td>\r
+                                <td style="text-align: right;" id="editor-metrics"></td>\r
                                 {% if settings.WIKI_ON %}\r
                                 <td style="text-align:right;">\r
                                     {{ answer.wiki }} \r
                         </table>  \r
                     </div>\r
                     {{ answer.text.errors }}\r
-                    <div id="previewer" class="wmd-preview"></div>                    \r
+                    <div id="previewer" class="wmd-preview"></div>\r
                 </div>\r
+\r
+                   {% if answer.recaptcha %}\r
+                   <div class="question-captcha" style="float: left;">\r
+                       {{ answer.recaptcha.errors }}\r
+                       {{ answer.recaptcha }}\r
+                   </div>\r
+                   <div class="clear"></div>\r
+                   {% endif %}\r
+                \r
                 <p><span class="form-error"></span></p>\r
-                <input type="submit"\r
+                <input type="button"\r
                     {% if user.is_anonymous %}\r
                         value="{% trans "Login/Signup to Post Your Answer" %}" \r
                     {% else %}\r
                         value="{% trans "Answer the question" %}" \r
                         {% endif %}\r
                     {% endif %}\r
-                    class="submit" style="float:left" onclick="submitClicked(event)"/>\r
+                    class="submit" style="float:left" onclick="submitClicked(event, this.form)"/>\r
             {% endif %}\r
         </form>\r
     </div>\r
 <div class="boxC" id="subscription_box">\r
     {% include "subscription_status.html" %}\r
 </div>\r
+\r
+{% markdown_help %}\r
+\r
 {% sidebar_upper %}\r
+\r
 {% cache 60 questions_tags settings.APP_URL question.id %}\r
 <div class="boxC">\r
     <p>\r
     </p>\r
     <p class="tags" >\r
         {% for tag in question.tags.all %}\r
-               <a href="{% url tag_questions tag.name|urlencode %}" \r
-                       title="{% trans "see questions tagged"%}'{{tag.name}}'{% trans "using tags" %}" \r
+               <a href="{% url tag_questions tag.name|urlencode %}"\r
+            class="tag-link-{{ tag.name }}"\r
+                       title="{% trans "see questions tagged"%}'{{tag.name}}'{% trans "using tags" %}"\r
                        rel="tag">{{ tag.name }}</a> <span class="tag-number">&#215;{{ tag.used_count|intcomma }}</span><br/>\r
         {% endfor %}\r
     </p>\r