From 25e66ae41269fe0f59ecc81b8f071679df962b14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?= Date: Thu, 16 Apr 2020 13:53:45 +0200 Subject: [PATCH] use of script console in stead of browser address bar --- .../lessonPlans/en/CrossSiteScripting_content1.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content1.adoc b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content1.adoc index 2a615ff8a..e2143ab90 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content1.adoc +++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content1.adoc @@ -16,11 +16,11 @@ And if not properly protected, sensitive data (such as your authentication cooki ==== Quick examples: -* From the browser address bar (chrome, Firefox) +* From the JavaScript console in the developer tools of the browser (chrome, Firefox) + ---- -javascript:alert("XSS Test"); -javascript:alert(document.cookie); +alert("XSS Test"); +alert(document.cookie); ---- * Any data field that is returned to the client is potentially injectable +
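Review bot: The rewritten bullet keeps `(chrome, Firefox)` with a lowercase `chrome` next to a capitalised `Firefox`; since the line is being touched anyway, make it `(Chrome, Firefox)`. The new wording also drops the one thing the address-bar version made obvious, namely that the snippet runs against the page that is currently loaded. Say so explicitly, for example "open the developer tools on the lesson page and run in the Console tab", so that `alert(document.cookie)` is understood to show that page's cookies. A short remark that cookies flagged HttpOnly will not appear in the `alert(document.cookie)` output would keep learners from reading an empty or partial dialog as a failed step. Minor: "in stead" in the subject line should be "instead".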