# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1592582221 -7200
# Node ID caa3767707fbf6c1e452bc222e31eded2bbac214
# Parent  7345ccb7f9df314ca1c88cc58660db49b500dce6
base/base.html: expose CSRF token to script + fixed script content

diff -r 7345ccb7f9df -r caa3767707fb sat_templates/templates/bulma/base/base.html
--- a/sat_templates/templates/bulma/base/base.html	Fri Jun 19 16:53:20 2020 +0200
+++ b/sat_templates/templates/bulma/base/base.html	Fri Jun 19 17:57:01 2020 +0200
@@ -58,10 +58,14 @@
         </style>
     {% endif %}
 
+    {% if csrf_token is defined %}
+        <script>var csrf_token = "{{csrf_token}}";</script>
+    {% endif %}
+
     {{ script.generate_scripts() }}
 
     {% for script in scripts %}
-        <script{{ {'src': script.src, 'type': script.type} | xmlattr }}>{{script.content}}</script>
+        <script{{ {'src': script.src, 'type': script.type} | xmlattr }}>{{script.content|safe}}</script>
     {% endfor %}
 
     {% block favicon %}
diff -r 7345ccb7f9df -r caa3767707fb sat_templates/templates/default/base/base.html
--- a/sat_templates/templates/default/base/base.html	Fri Jun 19 16:53:20 2020 +0200
+++ b/sat_templates/templates/default/base/base.html	Fri Jun 19 17:57:01 2020 +0200
@@ -57,6 +57,9 @@
     {% endif %}
 
     {# JS handling #}
+    {% if csrf_token is defined %}
+        <script>var csrf_token = "{{csrf_token}}";</script>
+    {% endif %}
     {% if websocket is defined %}
         {{ script.include('websocket', '') }}
     {% endif %}
@@ -64,7 +67,7 @@
     <script>expand_txt="{% trans %}Click to expand…{% endtrans %}"; reduce_txt="{% trans %}Click to reduce…{% endtrans %}";</script>
     {{ script.generate_scripts() }}
     {% for script in scripts %}
-        <script{{ {'src': script.src, 'type': script.type} | xmlattr }}>{{script.content}}</script>
+        <script{{ {'src': script.src, 'type': script.type} | xmlattr }}>{{script.content|safe}}</script>
     {% endfor %}
     {% if websocket is defined %}
         <script>var socket=new WSHandler("{{websocket.url}}", "{{websocket.token}}", {{websocket.debug}});</script>