dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added jsoup html parser

Browse Source
This commit is contained in:
Philippe Steinbach
2018-11-27 14:29:39 +01:00
committed by Nanne Baars
parent 971062561d
commit 63502d6328
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java
View File

@ -8,6 +8,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.jsoup.*;
import org.w3c.dom.*;
import javax.tools.*;
import java.io.IOException;
@ -34,6 +37,9 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint {
//check html string for regex
//check for c:out && escapeXml="true" && !request.getParameter
Document doc = Jsoup.parse(editor);
Element e = doc.getElementById();
System.out.println(editor);
if (editor.contains("c:out") && editor.contains("escapeXml=\"true\"") && editor.contains("value=\"${last_name}\"") && editor.contains("value=\"${first_name}\"")) {
System.out.println("true");