Reverts to changeset 435, and just add {% csrf_token %} to template forgot_pw.html, since CSRF protection seems to be only here (surely because of django.contrib.auth.views).
if (window.clipboardData) {
c = window.clipboardData.getData("Text");
if (c) {
document.write("<p>The contents of your clipboard:</p>");
document.write("<blockquote>" + c + "</blockquote>");
}
}