From 89e2fc109c6803dc066f7477335dadf5d5079205 Mon Sep 17 00:00:00 2001
From: Jason White
Date: Tue, 27 Jun 2017 10:24:38 -0400
Subject: [PATCH] Work-around to handle special chars in action ... currently to be able to match {userId} in hint creation/assignment for IDOR
---
.../src/main/resources/static/js/goatApp/view/HintView.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webgoat-container/src/main/resources/static/js/goatApp/view/HintView.js b/webgoat-container/src/main/resources/static/js/goatApp/view/HintView.js
index 85508c432..169185c56 100644
--- a/webgoat-container/src/main/resources/static/js/goatApp/view/HintView.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/view/HintView.js
@@ -77,7 +77,7 @@ function($,
 filterHint: function(endpoint) {
 var self = this;
 _.each(this.collection.models, function(hintModel) {
- if (endpoint.indexOf(hintModel.get('assignmentPath')) > -1) {
+ if (endpoint.indexOf(hintModel.get('assignmentPath')) > -1 || decodeURIComponent(endpoint).indexOf(hintModel.get('assignmentPath')) > -1) {
 self.hintsToShow.push(hintModel.get('hint'));
 }
 });
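Review bot: `decodeURIComponent(endpoint)` in the added condition throws a URIError when `endpoint` holds a malformed percent sequence (a bare `%`, for instance), and that exception would escape the `_.each` callback and abort hint filtering; where `endpoint` originates is outside this hunk, though the subject line suggests it is a form action path. The decode is also repeated for every hint model even though its input never changes. Decoding once before the loop with a fallback keeps the raw comparison working: `var decoded = endpoint; try { decoded = decodeURIComponent(endpoint); } catch (e) { /* malformed escape: match on the raw value only */ }`, then inside the callback `var path = hintModel.get('assignmentPath'); if (endpoint.indexOf(path) > -1 || decoded.indexOf(path) > -1) {`. The closing brace of `filterHint` and the enclosing module are outside the hunk.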