Prevent XSS attacks with wmd using the google-caja html sanitizer.

[osqa.git] / forum / skins / default / templates / question.html

diff --git a/forum/skins/default/templates/question.html b/forum/skins/default/templates/question.html
index 2172da9c4089c07bbd232dd1ca7ad7ff27caee17..228285730fd1946d0fbfe269fd765e4b6d94d203 100644 (file)
--- a/forum/skins/default/templates/question.html
+++ b/forum/skins/default/templates/question.html
@@ -21,6 +21,7 @@
         <script type='text/javascript' src='{% media  "/media/js/jquery.caret.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/showdown.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/wmd.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/jquery.caret.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/showdown.js" %}'></script>\r
         <script type='text/javascript' src='{% media  "/media/js/wmd/wmd.js" %}'></script>\r

+        <script type='text/javascript' src='{% media  "/media/js/html_sanitizer.js" %}'></script>\r

         <link rel="stylesheet" type="text/css" href="{% media  "/media/js/wmd/wmd.css" %}" />\r
 \r
         {% if embed_youtube_videos %}\r
         <link rel="stylesheet" type="text/css" href="{% media  "/media/js/wmd/wmd.css" %}" />\r
 \r
         {% if embed_youtube_videos %}\r