dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update for WEB-69. Fix for JSONInjection lesson. Stub in javascript for CSRF lesson update/fix

Browse Source
This commit is contained in:
Jason White 2014-09-19 15:37:45 -06:00
parent bcf7c9a159
commit 13e3bb87c4
4 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/org/owasp/webgoat/lessons/JSONInjection.java
View File

@ -106,7 +106,7 @@ public class JSONInjection extends LessonAdapter
protected Element createContent(WebSession s)
{
ElementContainer ec = new ElementContainer();
String lineSep = System.getProperty("line.separator");
String lineSep = System.getProperty("line.separator");
String script = "<script>"
+ lineSep
+ "function getFlights() {"
@ -192,11 +192,11 @@ public class JSONInjection extends LessonAdapter
"function check(){"
+ lineSep
+ " if ( document.getElementById('radio0').checked )"
+ " if ( document.getElementById('radio0') && document.getElementById('radio0').checked )"
+ lineSep
+ " { document.getElementById('price2Submit').value = document.getElementById('priceID0').innerHTML; return true;}"
+ lineSep
+ " else if ( document.getElementById('radio1').checked )"
+ " else if ( document.getElementById('radio1') && document.getElementById('radio1').checked )"
+ lineSep
+ " { document.getElementById('price2Submit').value = document.getElementById('priceID1').innerHTML; return true;}"
+ lineSep + " else " + lineSep + " { alert('Please choose one flight'); return false;}" + lineSep + "}"

4
src/main/webapp/WEB-INF/pages/main_new.jsp
View File

@ -148,8 +148,8 @@
<span class="glyphicon-class glyphicon glyphicon-circle-arrow-left" id="showPrevHintBtn" ng-click="viewPrevHint()"></span>
<span class="glyphicon-class glyphicon glyphicon-circle-arrow-right" id="showNextHintBtn" ng-click="viewNextHint()"></span>
<br/>
<span id="curHintContainer"></span><!--{{curHint}}-->
<span bind-html-unsafe="curHint"></span>
<!--<span id="curHintContainer"></span>-->
</div>
</div>
</div>

4
src/main/webapp/js/goatControllers.js
View File

@ -82,10 +82,12 @@ var goatMenu = function($scope, $http, $modal, $log, $templateCache) {
$("#lessonTitle").text(reply.data);
}
);
//TODO encode html or get angular js portion working
$("#lesson_content").html(reply.data);
//hook forms
goat.utils.makeFormsAjax();
$('#leftside-navigation').height($('#main-content').height()+15)//TODO: get ride of fixed value (15)here
//notifies goatLesson Controller of the less change
$scope.$emit('lessonUpdate',{params:curScope.parameters});
}
)
@ -207,7 +209,7 @@ var goatLesson = function($scope,$http,$log) {
$scope.curHint = $scope.hints[$scope.hintIndex].hint;
//$scope.curHint = $sce.trustAsHtml($scope.hints[$scope.hintIndex].hint);
//TODO get html binding workin in the UI ... in the meantime ...
$scope.renderCurHint();
//$scope.renderCurHint();
$scope.manageHintButtons();
};

3
src/main/webapp/js/goatUtil.js
View File

@ -90,6 +90,9 @@ goat.utils = {
},
makeId: function (lessonName) {
return lessonName.replace(/\s|\(|\)|\!|\:|\;|\@|\#|\$|\%|\^|\&|\*/g,'');//TODO move the replace routine into util function
},
ajaxifyAttackHREF: function () {
// stub for dealing with CSRF lesson link issues and other similar issues
}
};