From 60c7fdd0dbcbc09aaa22f5c772666c716344f8cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?= <rene@zubcevic.com>
Date: Wed, 9 Dec 2020 17:40:33 +0100
Subject: [PATCH] activation button tested

---
 .../main/java/org/owasp/webgoat/xxe/SimpleXXE.java    |  2 +-
 webgoat-lessons/xxe/src/main/resources/html/XXE.html  | 11 +++++++----
 .../lessonPlans/en/XXE_static_code_analysis.adoc      |  2 +-
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java
index fe5176351..c2e0cde96 100644
--- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java
+++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java
@@ -118,7 +118,7 @@ public class SimpleXXE extends AssignmentEndpoint {
 		if (applySecurity == null) {
 			request.getSession().setAttribute("applySecurity", "true");
 		}
-		return "xxe security will be applied";
+		return "xxe security patch is now applied, you can try the previous challenges and see the effect!";
     }
 
 }
diff --git a/webgoat-lessons/xxe/src/main/resources/html/XXE.html b/webgoat-lessons/xxe/src/main/resources/html/XXE.html
index 9c5dff2c3..20a232b39 100644
--- a/webgoat-lessons/xxe/src/main/resources/html/XXE.html
+++ b/webgoat-lessons/xxe/src/main/resources/html/XXE.html
@@ -1,6 +1,8 @@
 <html xmlns:th="http://www.thymeleaf.org">
-
-<script th:src="@{/lesson_js/xxe.js}" language="JavaScript"></script>
+<header>
+<script th:src="@{/lesson_js/xxe.js}"></script>
+</header>
+<body>
 
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:XXE_plan.adoc"></div>
@@ -218,8 +220,9 @@
 
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:XXE_static_code_analysis.adoc"></div>
-    <a href="/WebGoat/xxe/applysecurity" onclick="javascript:return false;">Apply XXE security patch</a>
+    <br/>
+    <a id="submitlink" class="btn btn-primary" href="" onclick="javascript:$('#patchbutton').load('/WebGoat/xxe/applysecurity');return false;"><span id="patchbutton">Apply XXE security patch</span></a>
 </div>
 
-
+</body>
 </html>
\ No newline at end of file
diff --git a/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_static_code_analysis.adoc b/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_static_code_analysis.adoc
index f62bd476d..02edd5aba 100644
--- a/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_static_code_analysis.adoc
+++ b/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_static_code_analysis.adoc
@@ -14,7 +14,7 @@ SonarQube also shows you what you could do to fix this.
 
 image::images/xxe-suggested-fix.png[XXE suggested fix]
 
-If you click on the link below, you can try to do the XXE challenges again and you will notice that the vulnerabilities are mitigated.
+If you click on the button below, you can try to do the XXE challenges again and you will notice that the vulnerabilities are mitigated.