Allowed other criteria to solve lesson and provide some feedback for acceptable solutions

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@464 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-04-25 18:30:06 +00:00 · 2012-04-25 18:30:06 +00:00 · 2ae584d0b2
commit 2ae584d0b2
parent a987ca7cdc
1 changed files with 14 additions and 0 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/DOMXSS.java
+++ b/src/main/java/org/owasp/webgoat/lessons/DOMXSS.java
@ -73,6 +73,10 @@ public class DOMXSS extends SequentialLessonAdapter
 		{
 			getLessonTracker(s).setStage(3);
 			s.setMessage("Stage 2 completed. ");
+		} 
+		else
+		{
+			s.setMessage("Only &lt;img onerror...  attacks are recognized for success criteria");
 		}

 		return (ec);
@ -91,6 +95,16 @@ public class DOMXSS extends SequentialLessonAdapter
 		{
 			getLessonTracker(s).setStage(4);
 			s.setMessage("Stage 3 completed.");
+		} else 	if (attackString.toString().toLowerCase().indexOf("iframe") != -1
+				&& attackString.toString().toLowerCase().indexOf("onload") != -1
+				&& attackString.toString().toLowerCase().indexOf("alert") != -1)
+		{
+			getLessonTracker(s).setStage(3);
+			s.setMessage("Stage 3 completed. ");
+		}
+		else
+		{
+			s.setMessage("Only &lt;iframe javascript/onload...  attacks are recognized for success criteria");
 		}
 		return (ec);
 	}