#315 Adding UI handling and corresponding expected elements for html files for decoration. Inlucdes minor refactor

2017-01-25 11:18:24 -05:00
parent dd76cb258c
commit ac16342c17
11 changed files with 361 additions and 345 deletions
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/html/CrossSiteScripting.html
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/html/CrossSiteScripting.html
@ -174,8 +174,8 @@
        which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
 		<div class="adoc-content" th:replace="doc:CrossSiteScripting_content6a.adoc"></div>
 		<div class="attack-container">
+			<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
 			<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
-			<div id="lessonContent">
                <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
                <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
                <!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
@ -193,7 +193,6 @@
 						</tr>
 					</table>
 				</form>
-			</div>
 			<!-- do not remove the two following div's, this is where your feedback/output will land -->
 			<div class="attack-feedback"></div>
 			<div class="attack-output"></div>
@ -228,42 +227,43 @@
 		<div class="adoc-content"
 			th:replace="doc:CrossSiteScripting_content9a.adoc"></div>
 		<div class="attack-container">
+			<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
 			<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
-			<div id="lessonContent">
-				<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
-				<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
-				<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
-				<form class="attack-form" accept-charset="UNKNOWN" method="POST"
-					name="form" action="/WebGoat/CrossSiteScripting/attack9a"
-					enctype="application/json;charset=UTF-8">
-	
-					<table cellspacing="0" cellpadding="0" border="0">
-						<tbody>
-							<tr>
-								<td>Title:</td>
-								<td><input name="title" value="" type="TEXT" /></td>
-							</tr>
-							<tr>
-								<td valign="TOP">Message:</td>
-								<td><textarea cols="60" name="message" rows="5"></textarea></td>
-							</tr>
-						</tbody>
-					</table>
-					<p>
-						<input name="SUBMIT" value="Submit" type="SUBMIT" />
-					</p>
-					<hr />
-					<hr />
-					<h1>Message List</h1>
-					<table cellspacing="0" cellpadding="0" border="0">
-						<tbody>
-							<tr>
-								<td><a href="#" style="cursor: hand" link="attack?Num=1"><u></u></a></td>
-							</tr>
-						</tbody>
-					</table>
-				</form>
-			</div>
+
+			<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
+			<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
+			<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
+			<form class="attack-form" accept-charset="UNKNOWN" method="POST"
+				name="form" action="/WebGoat/CrossSiteScripting/attack9a"
+				enctype="application/json;charset=UTF-8">
+
+				<table cellspacing="0" cellpadding="0" border="0">
+					<tbody>
+						<tr>
+							<td>Title:</td>
+							<td><input name="title" value="" type="TEXT" /></td>
+						</tr>
+						<tr>
+							<td valign="TOP">Message:</td>
+							<td><textarea cols="60" name="message" rows="5"></textarea></td>
+						</tr>
+					</tbody>
+				</table>
+				<p>
+					<input name="SUBMIT" value="Submit" type="SUBMIT" />
+				</p>
+				<hr />
+				<hr />
+				<h1>Message List</h1>
+				<table cellspacing="0" cellpadding="0" border="0">
+					<tbody>
+						<tr>
+							<td><a href="#" style="cursor: hand" link="attack?Num=1"><u></u></a></td>
+						</tr>
+					</tbody>
+				</table>
+			</form>
+
 			<!-- do not remove the two following div's, this is where your feedback/output will land -->
 			<div class="attack-feedback"></div>
 			<div class="attack-output"></div>
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/lessonPlans/en/CrossSiteScripting_content5b.adoc
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/plugin/CrossSiteScripting/lessonPlans/en/CrossSiteScripting_content5b.adoc
@ -0,0 +1,4 @@
+== Was it Really Reflected XSS?
+
+Now, was the last attack truly reflected XSS?
+