From 48d926491f4e352b60ae8b621fa2b3310e61b447 Mon Sep 17 00:00:00 2001
From: Rene Zubcevic
Date: Tue, 26 Mar 2019 17:31:40 +0100
Subject: [PATCH] removed possible NullpointerException and System.out

---
 .../java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java | 1 -
 .../owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
index 7e6532865..8a438c5ac 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
@@ -57,7 +57,6 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint {
 userSessionData.setValue("randValue",number.nextInt());
 if (param1 == 42 && param2 == 24 && request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")) {
- System.out.println(userSessionData.getValue("randValue") + " << randValue");
 return trackProgress(success().output("phoneHome Response is " + userSessionData.getValue("randValue").toString()).build());
 } else {
 return trackProgress(failed().build());
diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
index 6ee699bef..80f3cca75 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
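Review bot: The `if` line still calls `request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")`, so a request that omits that header dereferences null and throws NullPointerException here, which the commit (whose subject says it removes a possible NPE) does not address; reverse the comparison to `"dom-xss-vuln".equals(request.getHeader("webgoat-requested-by"))` so a missing header simply falls through to the failed() branch. The `.toString()` on the success line is safe in this hunk because `setValue("randValue", ...)` runs unconditionally just before it. The enclosing method's signature and closing braces lie outside the hunk.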
@@ -55,8 +55,9 @@ public class DOMCrossSiteScriptingVerifier extends AssignmentEndpoint {
 AttackResult completed(@RequestParam String successMessage) throws IOException {
 UserSessionData userSessionData = getUserSessionData();
+ String answer = (String) userSessionData.getValue("randValue");
- if (successMessage.equals(userSessionData.getValue("randValue").toString())) {
+ if (successMessage.equals(answer)) {
 return trackProgress(success().feedback("xss-dom-message-success").build());
 } else {
 return trackProgress(failed().feedback("xss-dom-message-failure").build());
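Review bot: The added `String answer = (String) userSessionData.getValue("randValue");` trades the possible NullPointerException for a likely ClassCastException: the lesson side stores `number.nextInt()` under the same key (visible in the DOMCrossSiteScripting.java hunk), which is presumably an `int` boxed to Integer, so the cast fails at runtime exactly when the value has been set, assuming getValue hands back the stored object as-is. The null case is now harmless, since `successMessage.equals(null)` is just false, so only the type needs fixing. Compare through the stored object's string form instead of casting: `Object expected = userSessionData.getValue("randValue");` and `if (expected != null && successMessage.equals(expected.toString())) {`. The `completed` method's closing braces lie outside the hunk.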