dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

finished assignment

Browse Source
This commit is contained in:
PhilippeSteinbach
2018-12-03 11:37:09 +01:00
committed by Nanne Baars
parent 94b936036a
commit 8bc91ba4ec
6 changed files with 74 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/cross-site-scripting/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -30,7 +30,9 @@ xss-stored-comment-success=It appears your payload should invoke the function. T
xss-stored-comment-failure=We can't see the payload in your submission, but XSS can be tricky. Look for the call back fired after the comments reload. If you see that and can put the correct value there and put it in, maybe you did succeed.
xss-stored-callback-success=Yes, that is the correct value (note, it will be a different value each time the phoneHome endpoint is called).
xss-stored-callback-failure=No, that is not the correct value (note, it will be a different value each time the phoneHome endpoint is called).
xss-mitigation-3-hint1=You don't store the user input in this example. Try to escape the user input right before you it into the HTML element.
xss-mitigation-3-hint1=You don't store the user input in this example. Try to html entity escape the user input right before you it into the HTML element.
xss-mitigation-3-hint2=Use JavaServer Pages Standard Tag Library (JSTL) tags or Unified Expression Language
xss-mitigation-3-hint3=You don't have to import the libs. (<%@ taglib uri = "http://java.sun.com/jsp/jstl/core" prefix = "c" %> and <%@ taglib uri = "http://java.sun.com/jsp/jstl/functions" prefix = "fn" %> already included in this example)
xss-mitigation-3-hint4=Have you ever heared of escapeXml? Ask the web.
xss-mitigation-3-hint4=Have you ever heard of escapeXml? Ask the web.
xss-mitigation-3-success=You have completed this lesson. Congratulations!
xss-mitigation-3-failure=This in not the correct answer. Try again!