some cleanup, and removing unneeded ClassNotFoundExceptions

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@361 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-08-12 14:33:22 +00:00
parent 9c84df3d6c
commit 775fdad7c4
10 changed files with 34 additions and 45 deletions
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
@ -149,6 +149,9 @@ public class CrossSiteScripting extends GoatHillsFinancial
 		hints.add("Stage2: The java.util.regex package is useful for filtering string values.");

 		// Stage 3
+		hints
+				.add("Stage3: Browsers recognize and decode HTML entity encoded content after parsing and interpretting HTML tags.");
+		hints.add("Stage3: An HTML entity encoder is provided in the ParameterParser class.");

 		// Stage 4
 		hints
@ -177,7 +180,7 @@ public class CrossSiteScripting extends GoatHillsFinancial
 			{
 				instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.<br>"
 						+ "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page.  "
-						+ "Verify that 'Jerry' is affected by the attack. <br/>The passwords for the accounts are the prenames.";
+						+ "Verify that 'Jerry' is affected by the attack. <br/>(The passwords for the accounts are the first names.)";
 			}
 			else if (STAGE2.equals(stage))
 			{
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java
@ -17,7 +17,6 @@ import org.owasp.webgoat.session.UnauthenticatedException;
 import org.owasp.webgoat.session.UnauthorizedException;
 import org.owasp.webgoat.session.ValidationException;
 import org.owasp.webgoat.session.WebSession;
-import org.owasp.webgoat.util.HtmlEncoder;


 /***************************************************************************************************
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
@ -378,10 +378,6 @@ public class UpdateProfile extends DefaultLessonAction
 		{
 			sqle.printStackTrace();
 			s.setMessage("Error updating employee profile");
-		} catch (ClassNotFoundException e)
-		{
-			// TODO Auto-generated catch block
-			e.printStackTrace();
 		}
 		return uid + 1;
 	}
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java
@ -4,18 +4,14 @@ package org.owasp.webgoat.lessons.CrossSiteScripting;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
-import org.apache.ecs.xhtml.html;
 import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
 import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
 import org.owasp.webgoat.session.Employee;
 import org.owasp.webgoat.session.ParameterNotFoundException;
-import org.owasp.webgoat.session.ParameterParser;
 import org.owasp.webgoat.session.UnauthenticatedException;
 import org.owasp.webgoat.session.UnauthorizedException;
 import org.owasp.webgoat.session.ValidationException;
 import org.owasp.webgoat.session.WebSession;
-import org.owasp.webgoat.util.HtmlEncoder;
-import com.sun.corba.se.spi.activation.Server;


 /***************************************************************************************************