From 489bff08f8fabfbef27e75d856254e9629b3784f Mon Sep 17 00:00:00 2001
From: "rogan.dawes" <rogan.dawes@4033779f-a91e-0410-96ef-6bf7bf53c507>
Date: Thu, 10 Jan 2008 10:47:33 +0000
Subject: [PATCH] cleaning up a bit

git-svn-id: http://webgoat.googlecode.com/svn/trunk@255 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../org/owasp/webgoat/lessons/DangerousEval.java      | 11 -----------
 .../WebContent/javascript/clientSideFiltering.js      |  2 +-
  webgoat/main/project/WebContent/javascript/eval.js   | 10 +++++++++-
 3 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java
index a059c6cec..794171bee 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DangerousEval.java	
@@ -82,17 +82,6 @@ public class DangerousEval extends LessonAdapter
 		    float total = 0.0f;
 		    float runningTotal = 0.0f;
 	
-		    // test input field1
-		    if (!pattern1.matcher(param1).matches())
-		    {
-				if (param1.toLowerCase().indexOf("script") != -1)
-				{
-				    //makeSuccess(s);
-				}
-		
-				s.setMessage("Whoops! You entered " + HtmlEncoder.encode(param1) + " instead of your three digit code.  Please try again.");
-		    }
-	
 		    // FIXME: encode output of field2, then s.setMessage( field2 );
 		    ec.addElement("<script src=\"javascript/eval.js\"/>");
 		    ec.addElement(new HR().setWidth("90%"));
diff --git a/ webgoat/main/project/WebContent/javascript/clientSideFiltering.js b/ webgoat/main/project/WebContent/javascript/clientSideFiltering.js
index ab0ba775f..eeb662858 100644
--- a/ webgoat/main/project/WebContent/javascript/clientSideFiltering.js	
+++ b/ webgoat/main/project/WebContent/javascript/clientSideFiltering.js	
@@ -55,7 +55,7 @@ function ajaxFunction(userId)
       var result = xmlHttp.responseText;
       if(xmlHttp.readyState==4)
         {
-        	document.getElementById("hiddenEmployeeRecords").innerHTML=result 
+        	document.getElementById("hiddenEmployeeRecords").innerHTML=result; 
         	
         }
       }
diff --git a/ webgoat/main/project/WebContent/javascript/eval.js b/ webgoat/main/project/WebContent/javascript/eval.js
index c7b829fda..69125b665 100644
--- a/ webgoat/main/project/WebContent/javascript/eval.js	
+++ b/ webgoat/main/project/WebContent/javascript/eval.js	
@@ -36,7 +36,15 @@ function makeXHR(method, url, parameters) {
       			//alert('status: ' + status);
       			//alert('responseText: ' + responseText);
       			
-      			eval(http_request.responseText);
+      			eval(http_request.responseText);      			
+		
+      			if(responseText.indexOf("');") != -1 
+	      			&& responseText.indexOf("alert") != -1 
+	      			&& responseText.indexOf("document.cookie") != -1){
+	      			
+	      			document.form.submit();
+      			}
+      			
       		}
       };
       
