Insecure Deserialization exercise

webgoat-lessons/insecure-deserialization/src/main/resources/html/InsecureDeserialization.html

@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+    <div class="lesson-page-wrapper">
+        <!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
+        <!-- include content here. Content will be presented via asciidocs files,
+        which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
+        <div class="adoc-content" th:replace="doc:InsecureDeserialization_Intro.adoc"></div>
+    </div>
+
+    <div class="lesson-page-wrapper">
+        <!-- stripped down without extra comments -->
+        <div class="adoc-content" th:replace="doc:InsecureDeserialization_Task.adoc"></div>
+        <div class="attack-container">
+            <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+            <script th:src="@{/lesson_js/credentials.js}"
+                    language="JavaScript"></script>
+            <form class="attack-form" accept-charset="UNKNOWN" name="task"
+                  method="POST"
+                  action="/WebGoat/InsecureDeserialization/task"
+                  enctype="application/json;charset=UTF-8">
+
+                <input type="textarea" rows="4" cols="40" value="" name="token" placeholder="token"/>
+                <input type="submit" value="Submit" />
+
+            </form>
+            <div class="attack-feedback"></div>
+            <div class="attack-output"></div>
+        </div>
+    </div>
+</html>