From 2ae584d0b294c1ba7850f9f99f76b142bb5cbb6c Mon Sep 17 00:00:00 2001
From: "mayhew64@gmail.com"
Date: Wed, 25 Apr 2012 18:30:06 +0000
Subject: [PATCH] Allowed other criteria to solve lesson and provide some feedback for acceptable solutions
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@464 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../java/org/owasp/webgoat/lessons/DOMXSS.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/main/java/org/owasp/webgoat/lessons/DOMXSS.java b/src/main/java/org/owasp/webgoat/lessons/DOMXSS.java
index 15bc94ed6..a5574dcfe 100644
--- a/src/main/java/org/owasp/webgoat/lessons/DOMXSS.java
+++ b/src/main/java/org/owasp/webgoat/lessons/DOMXSS.java
@@ -73,6 +73,10 @@ public class DOMXSS extends SequentialLessonAdapter
 {
 getLessonTracker(s).setStage(3);
 s.setMessage("Stage 2 completed. ");
+ }
+ else
+ {
+ s.setMessage("Only <img onerror... attacks are recognized for success criteria");
 }
 return (ec);
@@ -91,6 +95,16 @@ public class DOMXSS extends SequentialLessonAdapter
 {
 getLessonTracker(s).setStage(4);
 s.setMessage("Stage 3 completed.");
+ } else if (attackString.toString().toLowerCase().indexOf("iframe") != -1
+ && attackString.toString().toLowerCase().indexOf("onload") != -1
+ && attackString.toString().toLowerCase().indexOf("alert") != -1)
+ {
+ getLessonTracker(s).setStage(3);
+ s.setMessage("Stage 3 completed. ");
+ }
+ else
+ {
+ s.setMessage("Only <iframe javascript/onload... attacks are recognized for success criteria");
 }
 return (ec);
 }
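Review bot: The feedback string added in the `else` of the first hunk (`@@ -73,6 +73,10 @@`) contains a literal `<img onerror...`, and nothing visible here shows whether `s.setMessage` HTML-escapes its argument before the page renders it. If it does not, the browser would probably treat the text as an unterminated tag and swallow the rest of the hint, so wording that is safe either way is preferable, e.g. `s.setMessage("Only img/onerror attacks are recognized for success criteria");`. The same applies to the `<iframe javascript/onload...` message in the second hunk. The enclosing method starts outside the hunk, so the condition this `else` pairs with is not visible here.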
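Review bot: The new `else if` branch in the second hunk (`@@ -91,6 +95,16 @@`) reports "Stage 3 completed. " but calls `getLessonTracker(s).setStage(3)`, while the existing branch directly above it advances with `setStage(4)`. As written, the alternative iframe/onload solution is acknowledged without moving the learner to the next stage, which looks like a copy-paste slip from the stage 2 code; it should read `getLessonTracker(s).setStage(4);`. The three conditions also each recompute `attackString.toString().toLowerCase()` with the default locale; one local such as `String lowered = attackString.toString().toLowerCase(Locale.ROOT);` (needs `java.util.Locale`) removes the repetition and keeps the match stable on JVMs whose default locale lower-cases `I` differently. The enclosing method starts outside the hunk.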