Fixes OSQA 446 "Security - Multiple cross site scripting (XSS) vulnerabilities".
[osqa.git] / forum / skins / default / templates / question_edit.html
index 47af6bf813a14012af33c86de73a25297ea9450f..69bf688ef6df0bae9bd98768e5c1c5a5f3fb585a 100644 (file)
             tag = $("input#id_tags")[0].value;
         });
 
-        function submitClicked(e) {
-            if(!is_chrome) {
+        function submitClicked(e, f) {
+            if(!(browserTester('chrome') || browserTester('safari'))) {
                 $("input.submit")[0].disabled=true;
                 $("input.submit")[1].disabled=true;
             }
             window.removeEventListener('beforeunload', beforeUnload, true);
+            if (f) {
+                f.submit();
+            }
         }
 
         function beforeUnload(e) {
-            var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1;
-
             if($("input#id_title")[0].value != title || $("textarea#editor")[0].value != body || $("input#id_tags")[0].value != tag) {
-                 if(is_chrome) {
-                     return "You sure you want to leave?  Your work will be lost.";
-                 } else {
-                     yourWorkWillBeLost(e);
-                 }
+                 return yourWorkWillBeLost(e);
             }
         }
         window.addEventListener('beforeunload', beforeUnload, true);
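Review bot: In `submitClicked`, the added `f.submit()` calls the form's native submit method, which does not fire the `submit` event, so any handler bound to that event is skipped when Save edit is clicked. Client-side validation would be one such handler; the `<div class="error">` in the markup suggests one may exist, but none is visible in this hunk. jQuery is already used on the page, so `$(f).submit();` would run bound handlers before submitting. Because submission is now triggered from script, the `browserTester` guard around disabling the buttons may no longer be needed, and leaving them enabled on Chrome and Safari may let a double click call `f.submit()` twice. Server-side validation and escaping of the title, body and tags must hold regardless of which client-side path runs.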
                 {{ form.summary.help_text }}
             </div>
             <div class="error" ></div>
-            <input type="submit" value="{% trans "Save edit" %}" class="submit" onclick="submitClicked(event)" />
-            <input type="button" value="{% trans "Cancel" %}" class="submit" onclick="history.back(-1);submitClicked(event)" />
+            <input type="button" value="{% trans "Save edit" %}" class="submit" onclick="submitClicked(event, this.form)" />
+            <input type="button" value="{% trans "Cancel" %}" class="submit" onclick="submitClicked(event, null); history.back(-1);" />
         </form>
     </div>
 </div>
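Review bot: Changing Save edit from `type="submit"` to `type="button"` leaves the visible part of the form without a submit button, so it can only be submitted through the `onclick` script. With several text fields and no submit button, pressing Enter in the title or tags input should no longer submit the form, and the page cannot save at all if script is disabled or fails to load. Keeping `type="submit"` with `onclick="submitClicked(event)"` would preserve the native submission path while still removing the `beforeunload` listener. The commit is titled as an XSS fix, but nothing in this file's visible hunks changes how template values such as `{{ form.summary.help_text }}` are escaped; presumably that is handled in other files of the commit.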