dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use of script console in stead of browser address bar

Browse Source
This commit is contained in:
René Zubcevic 2020-04-16 13:53:45 +02:00 committed by Nanne Baars
parent 089952e9ad
commit 25e66ae412
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content1.adoc
View File

@ -16,11 +16,11 @@ And if not properly protected, sensitive data (such as your authentication cooki
==== Quick examples: ==== Quick examples:
* From the browser address bar (chrome, Firefox) * From the JavaScript console in the developer tools of the browser (chrome, Firefox)
+ +
---- ----
javascript:alert("XSS Test"); alert("XSS Test");
javascript:alert(document.cookie); alert(document.cookie);
---- ----
* Any data field that is returned to the client is potentially injectable * Any data field that is returned to the client is potentially injectable
+ +