diff --git a/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js b/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
index beb0f6fa6..dd96905cb 100644
--- a/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
@@ -80,7 +80,9 @@ define(['jquery',
 var self = this;
 // TODO custom Data prep for submission
 var prepareDataFunctionName = $(curForm).attr('prepareData');
+ var callbackFunctionName = $(curForm).attr('callback');
 var submitData = (typeof webgoat.customjs[prepareDataFunctionName] === 'function') ? webgoat.customjs[prepareDataFunctionName]() : $(curForm).serialize();
+ var callbackFunction = (typeof webgoat.customjs[callbackFunctionName] === 'function') ? webgoat.customjs[callbackFunctionName] : function() {};
 // var submitData = this.$form.serialize();
 this.curForm = curForm;
 this.$curFeedback = $(curForm).closest('.attack-container').find('.attack-feedback');
@@ -93,14 +95,16 @@ define(['jquery',
 url:formUrl,
 method:formMethod,
 contentType:contentType,
- data: submitData
+ data: submitData,
+ complete: function (data) {
+ callbackFunction();
+ }
 }).then(self.onSuccessResponse.bind(self), self.onErrorResponse.bind(self));
 return false;
 },
 onSuccessResponse: function(data) {
 this.renderFeedback(data.feedback);
- this.renderOutput(data.output || "");
 //TODO: refactor back assignmentCompleted in Java
 if (data.lessonCompleted || data.assignmentCompleted) {
diff --git a/webgoat-lessons/sol.txt b/webgoat-lessons/sol.txt
index c686e4396..d54494a64 100644
--- a/webgoat-lessons/sol.txt
+++ b/webgoat-lessons/sol.txt
@@ -11,7 +11,7 @@ Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from
 ## XXE ##
-Simple - ]> &root;test
+Simple - ]>&root;
 Modern Rest Framework - change content type to: Content-Type: application/xml && ]> &root;test
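Review bot: The `typeof webgoat.customjs[callbackFunctionName] === 'function'` guard on the new `callbackFunction` line also accepts members inherited through the prototype chain (`toString`, `constructor`, and the like), because the key comes straight from the form's `callback` attribute; limiting the lookup to entries actually registered on the object is a one-line tightening: `var callbackFunction = (Object.prototype.hasOwnProperty.call(webgoat.customjs, callbackFunctionName) && typeof webgoat.customjs[callbackFunctionName] === 'function') ? webgoat.customjs[callbackFunctionName] : function() {};`. The pre-existing `prepareDataFunctionName` lookup one line above has the same shape and would benefit from the same check. This presumes `webgoat.customjs` is a plain object, which this hunk does not show. The enclosing submit handler starts and ends outside the hunk.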
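Review bot: The new `complete` handler names its first parameter `data` but never uses it, and `callbackFunction()` is invoked with no arguments, so a lesson callback cannot inspect the outcome of the request it was registered for; if that is meant to be available, `complete: function (jqXHR, textStatus) { callbackFunction(jqXHR, textStatus); }` forwards what jQuery actually supplies (jQuery hands `complete` the jqXHR object, not parsed response data), and otherwise the misnamed parameter should simply be dropped. Separately, the removal of `this.renderOutput(data.output || "");` in `onSuccessResponse` affects every lesson served through this view, not only the XXE form this commit wires up, so any assignment that relied on `data.output` being rendered now shows nothing; worth confirming against the other lessons or restoring the line. `onSuccessResponse` continues past the end of the hunk.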
diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java
index f1f5bdfc3..4a3de9d8f 100644
--- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java
+++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java
@@ -9,7 +9,6 @@ import org.owasp.webgoat.assignments.AttackResult;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -65,7 +64,7 @@ public class SimpleXXE extends AssignmentEndpoint {
 @RequestMapping(method = POST, consumes = ALL_VALUE, produces = APPLICATION_JSON_VALUE)
 @ResponseBody
- public AttackResult createNewComment(@RequestBody String commentStr, @RequestHeader("Content-Type") String contentType) throws Exception {
+ public AttackResult createNewComment(@RequestBody String commentStr) throws Exception {
 String error = "";
 try {
 Comment comment = comments.parseXml(commentStr);
diff --git a/webgoat-lessons/xxe/src/main/resources/html/XXE.html b/webgoat-lessons/xxe/src/main/resources/html/XXE.html
index 21b4aa916..bbdc2e39a 100644
--- a/webgoat-lessons/xxe/src/main/resources/html/XXE.html
+++ b/webgoat-lessons/xxe/src/main/resources/html/XXE.html
@@ -24,8 +24,10 @@
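Review bot: With the `@RequestHeader("Content-Type")` parameter removed, nothing visible in `createNewComment` inspects the declared media type any more, while the mapping keeps `consumes = ALL_VALUE`, so every request body is handed to `comments.parseXml(commentStr)` regardless of what the client says it is sending. If that is the intent for this lesson endpoint, a comment on the mapping would stop the next reader from reinstating the header: `// Deliberately accepts any Content-Type: the body is always passed to the XML parser for this lesson.` The method body continues beyond the hunk, so whether `contentType` was previously used further down cannot be confirmed from here.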
+ prepareData="simpleXXE"
+ callback="simpleXXECallback"
+ contentType="application/xml"
+ action="/WebGoat/xxe/simple">
@@ -54,7 +56,7 @@ - +
diff --git a/webgoat-lessons/xxe/src/main/resources/js/xxe.js b/webgoat-lessons/xxe/src/main/resources/js/xxe.js
index dc5b0ddcf..f0219af89 100644
--- a/webgoat-lessons/xxe/src/main/resources/js/xxe.js
+++ b/webgoat-lessons/xxe/src/main/resources/js/xxe.js
@@ -1,23 +1,17 @@
+webgoat.customjs.simpleXXE = function () {
+ var commentInput = $("#commentInputSimple").val();
+ var xml = '' +
+ '' +
+ ' ' + commentInput + '' +
+ '';
+ return xml;
+}
+
+webgoat.customjs.simpleXXECallback = function() {
+ getComments('#commentsListSimple');
+}
+
 $(document).ready(function () {
- $("#postCommentSimple").unbind();
- $("#postCommentSimple").on("click", function () {
- var commentInput = $("#commentInputSimple").val();
- var xml = '' +
- '' +
- ' ' + commentInput + '' +
- '';
- $.ajax({
- type: 'POST',
- url: 'xxe/simple',
- data: xml,
- contentType: "application/xml",
- dataType: 'xml',
- complete: function (data) {
- $("#commentInputSimple").val('');
- getComments('#commentsListSimple')
- }
- })
- });
 getComments('#commentsListSimple');
 });
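Review bot: `simpleXXECallback` drops a behaviour the replaced click handler had: the old `complete` callback cleared the comment field with `$("#commentInputSimple").val('');` before refreshing the list, whereas the new callback only calls `getComments('#commentsListSimple')`, so the submitted text now stays in the input after posting. Restoring it is one line inside `simpleXXECallback`: `$("#commentInputSimple").val('');`. As a point of style, both new function-expression assignments end with a bare `}`; closing them as `};` keeps the file consistent with the semicolon-terminated statements around them, and `simpleXXE` could `return` the concatenation directly instead of going through the `xml` temporary.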