diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java index 8589d999f..cd95617d9 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java +++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java @@ -8,6 +8,9 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; +import org.jsoup.*; +import org.w3c.dom.*; + import javax.tools.*; import java.io.IOException; @@ -34,6 +37,9 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint { //check html string for regex //check for c:out && escapeXml="true" && !request.getParameter + Document doc = Jsoup.parse(editor); + Element e = doc.getElementById(); + System.out.println(editor); if (editor.contains("c:out") && editor.contains("escapeXml=\"true\"") && editor.contains("value=\"${last_name}\"") && editor.contains("value=\"${first_name}\"")) { System.out.println("true"); diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml index 878490b4e..bbbe5a149 100644 --- a/webgoat-lessons/pom.xml +++ b/webgoat-lessons/pom.xml @@ -85,6 +85,12 @@ encoder 1.2 + + + org.jsoup + jsoup + 1.11.3 + com.thoughtworks.xstream
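Review bot: The added `import org.w3c.dom.*;` brings `org.w3c.dom.Document` and `org.w3c.dom.Element` into scope, but `Jsoup.parse(...)` returns `org.jsoup.nodes.Document`, so `Document doc = Jsoup.parse(editor);` in the second hunk of this file cannot compile as written. The wildcard `import org.jsoup.*;` does not help, because it covers only the top-level package and not `org.jsoup.nodes`. I would replace both wildcard lines with `import org.jsoup.Jsoup;`, `import org.jsoup.nodes.Document;` and `import org.jsoup.nodes.Element;`, and drop the W3C DOM import unless something outside this hunk needs it.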
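Review bot: `doc.getElementById()` in the second hunk is called with no argument although the method takes the element id, and neither `doc` nor `e` is read afterwards. The pass/fail decision therefore still rests on the `editor.contains(...)` chain, which only proves that those substrings occur somewhere in the submission, not that the output is actually encoded. If the parse is meant to tighten the check, drive the decision from the parsed tree: select the `c:out` elements (jsoup's namespace selector, `doc.select("c|out")`) and require `"true".equals(el.attr("escapeXml"))` together with the expected `value` attribute on each. The enclosing method starts and ends outside the hunk, so how `editor` reaches this code is not visible here.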