XSS Lesson Modifications (#367)
* initial cut on XSS, need to add some tests still
* initial unit tests for assignment endpoints
* updating header comment license thingy
* comment, clean up
* Stubs for security unit test
* Additional Unit Testing
* isEncoded and isNotEncoded Unit Tests added
* http-proxies updates
* update for XXE solutions
* Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
* IDOR hints updated
* mitigation content update
* mitigation content update ... 2
* Lesson Overview updates
* including restart lesson fix for lesson overview
@ -138,7 +138,7 @@
|
||||
<!-- modify the action to point to the intended endpoint -->
|
||||
<form class="attack-form" accept-charset="UNKNOWN" id="view-other"
|
||||
method="GET" name="view-other-profile"
|
||||
action="/WebGoat/IDOR/profile"
|
||||
action="/WebGoat/IDOR/profile/{userId}"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
<script th:src="@{/lesson_js/idor.js}" />
|
||||
|
||||
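Review bot: The new `action="/WebGoat/IDOR/profile/{userId}"` on the `view-other` form is a literal placeholder in a plain `action` attribute, so a request made with the action as written targets a path that contains the text `{userId}` itself. The only guidance in the template is the existing comment "modify the action to point to the intended endpoint". Extend that comment to say that `{userId}` is kept verbatim so that hint creation/assignment can match the path (the work-around named in the commit message) and that it is meant to be replaced with a real id, so a later maintainer does not mistake it for an unrendered template variable and "fix" it.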
@ -163,7 +163,7 @@
|
||||
<!-- modify the action to point to the intended endpoint -->
|
||||
<form class="attack-form" accept-charset="UNKNOWN" id="edit-other"
|
||||
method="GET" name="edit-other-profile"
|
||||
action="/WebGoat/IDOR/profile"
|
||||
action="/WebGoat/IDOR/profile/{userId}"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
<script th:src="@{/lesson_js/idor.js}" />
|
||||
|
||||
|
||||
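Review bot: The `edit-other` form gets the same literal `action="/WebGoat/IDOR/profile/{userId}"` as the `view-other` form in the hunk at line 138, so the hint-matching work-around now depends on one string being kept identical in two places in this template. Since the commit message lists new unit tests for assignment endpoints, add one that asserts hints are still assigned for the `/IDOR/profile/{userId}` path for both forms, so that a change to either action or to the special-character handling shows up as a test failure rather than as silently missing hints.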