dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update for WEB-69. Fix for JSONInjection lesson. Stub in javascript for CSRF lesson update/fix

Browse Source
This commit is contained in:
Jason White
2014-09-19 15:37:45 -06:00
parent bcf7c9a159
commit 13e3bb87c4
4 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/org/owasp/webgoat/lessons/JSONInjection.java
View File

@ -106,7 +106,7 @@ public class JSONInjection extends LessonAdapter
protected Element createContent(WebSession s)
{
ElementContainer ec = new ElementContainer();
String lineSep = System.getProperty("line.separator");
String lineSep = System.getProperty("line.separator");
String script = "<script>"
+ lineSep
+ "function getFlights() {"
@ -192,11 +192,11 @@ public class JSONInjection extends LessonAdapter
"function check(){"
+ lineSep
+ " if ( document.getElementById('radio0').checked )"
+ " if ( document.getElementById('radio0') && document.getElementById('radio0').checked )"
+ lineSep
+ " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerHTML; return true;}"
+ lineSep
+ " else if ( document.getElementById('radio1').checked )"
+ " else if ( document.getElementById('radio1') && document.getElementById('radio1').checked )"
+ lineSep
+ " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerHTML; return true;}"
+ lineSep + " else " + lineSep + " { alert('Please choose one flight'); return false;}" + lineSep + "}"