activation button tested

webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java

@@ -118,7 +118,7 @@ public class SimpleXXE extends AssignmentEndpoint {
 		if (applySecurity == null) {
 			request.getSession().setAttribute("applySecurity", "true");
 		}
-		return "xxe security will be applied";
+		return "xxe security patch is now applied, you can try the previous challenges and see the effect!";
     }
 
 }

webgoat-lessons/xxe/src/main/resources/html/XXE.html

@@ -1,6 +1,8 @@
 <html xmlns:th="http://www.thymeleaf.org">
-
-<script th:src="@{/lesson_js/xxe.js}" language="JavaScript"></script>
+<header>
+<script th:src="@{/lesson_js/xxe.js}"></script>
+</header>
+<body>
 
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:XXE_plan.adoc"></div>
@@ -218,8 +220,9 @@
 
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:XXE_static_code_analysis.adoc"></div>
-    <a href="/WebGoat/xxe/applysecurity" onclick="javascript:return false;">Apply XXE security patch</a>
+    <br/>
+    <a id="submitlink" class="btn btn-primary" href="" onclick="javascript:$('#patchbutton').load('/WebGoat/xxe/applysecurity');return false;"><span id="patchbutton">Apply XXE security patch</span></a>
 </div>
 
-
+</body>
 </html>

webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_static_code_analysis.adoc

@@ -14,7 +14,7 @@ SonarQube also shows you what you could do to fix this.
 
 image::images/xxe-suggested-fix.png[XXE suggested fix]
 
-If you click on the link below, you can try to do the XXE challenges again and you will notice that the vulnerabilities are mitigated.
+If you click on the button below, you can try to do the XXE challenges again and you will notice that the vulnerabilities are mitigated.