#315 Adding UI handling and corresponding expected elements for html files for decoration. Inlucdes minor refactor
This commit is contained in:
		| @ -13,30 +13,29 @@ | ||||
|     which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc --> | ||||
|     <div class="adoc-content" th:replace="doc:IDOR_login.adoc"></div> | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <div class="lessonContent"> | ||||
|             <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|             <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|             <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|         <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|  | ||||
|             <!-- modify the action to point to the intended endpoint --> | ||||
|             <form class="attack-form" accept-charset="UNKNOWN" | ||||
|                   method="POST" name="form" | ||||
|                   action="/WebGoat/IDOR/login" | ||||
|                   enctype="application/json;charset=UTF-8"> | ||||
|                 <table> | ||||
|                     <tr> | ||||
|                         <td>user/pass</td> | ||||
|                         <td>user:<input name="username" value="" type="TEXT" /></td> | ||||
|                         <td>pass:<input name="password" value="" type="password" /></td> | ||||
|                         <td> | ||||
|                             <input | ||||
|                                 name="submit" value="Submit" type="SUBMIT"/> | ||||
|                         </td> | ||||
|                     </tr> | ||||
|                 </table> | ||||
|             </form> | ||||
|         </div> | ||||
|         <!-- modify the action to point to the intended endpoint --> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" | ||||
|               method="POST" name="form" | ||||
|               action="/WebGoat/IDOR/login" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <table> | ||||
|                 <tr> | ||||
|                     <td>user/pass</td> | ||||
|                     <td>user:<input name="username" value="" type="TEXT" /></td> | ||||
|                     <td>pass:<input name="password" value="" type="password" /></td> | ||||
|                     <td> | ||||
|                         <input | ||||
|                             name="submit" value="Submit" type="SUBMIT"/> | ||||
|                     </td> | ||||
|                 </tr> | ||||
|             </table> | ||||
|         </form> | ||||
|         <!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
|         <div class="attack-feedback"></div> | ||||
|         <div class="attack-output"></div> | ||||
| @ -50,23 +49,22 @@ | ||||
|     which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc --> | ||||
|     <div class="adoc-content" th:replace="doc:IDOR_viewDiffs.adoc"></div> | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <div> | ||||
|             <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|             <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|             <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|         <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|  | ||||
|             <!-- modify the action to point to the intended endpoint --> | ||||
|             <form class="attack-form" accept-charset="UNKNOWN" | ||||
|                   method="GET" name="form" | ||||
|                   action="/WebGoat/IDOR/profile" | ||||
|                   enctype="application/json;charset=UTF-8"> | ||||
|                 <script th:src="@{/plugin_lessons/plugin/IDOR/js/idor.js}" /> | ||||
|         <!-- modify the action to point to the intended endpoint --> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" | ||||
|               method="GET" name="form" | ||||
|               action="/WebGoat/IDOR/profile" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <script th:src="@{/plugin_lessons/plugin/IDOR/js/idor.js}" /> | ||||
|  | ||||
|                 <input name="View Profile" value="View Profile" type="button" onclick="onViewProfile();" /> | ||||
|             <input name="View Profile" value="View Profile" type="button" onclick="onViewProfile();" /> | ||||
|  | ||||
|             </form> | ||||
|         </div> | ||||
|         </form> | ||||
|         <div id="idor-profile"></div> | ||||
|         <!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
|         <div class="attack-feedback"></div> | ||||
| @ -75,21 +73,20 @@ | ||||
|     </div> | ||||
|  | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <div class="lessonContent"> | ||||
|             <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|             <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|             <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|             <div class="adoc-content" th:replace="doc:IDOR_whatDiffs.adoc"></div> | ||||
|             <!-- modify the action to point to the intended endpoint --> | ||||
|             <form class="attack-form" | ||||
|                   method="POST" name="diff-form" | ||||
|                   action="IDOR/diff-attributes" | ||||
|                   enctype="application/json;charset=UTF-8"> | ||||
|                 <input name="attributes" type="text" /> | ||||
|                 <input name="Submit Diffs" value="Submit Diffs" type="submit" /> | ||||
|             </form> | ||||
|         </div> | ||||
|         <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|         <div class="adoc-content" th:replace="doc:IDOR_whatDiffs.adoc"></div> | ||||
|         <!-- modify the action to point to the intended endpoint --> | ||||
|         <form class="attack-form" | ||||
|               method="POST" name="diff-form" | ||||
|               action="IDOR/diff-attributes" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <input name="attributes" type="text" /> | ||||
|             <input name="Submit Diffs" value="Submit Diffs" type="submit" /> | ||||
|         </form> | ||||
|  | ||||
|         <!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
|         <div class="attack-feedback"></div> | ||||
| @ -104,22 +101,21 @@ | ||||
|     which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc --> | ||||
|     <div class="adoc-content" th:replace="doc:IDOR_viewOwnAltPath.adoc"></div> | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <div class="lessonContent"> | ||||
|             <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|             <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|             <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|         <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|  | ||||
|             <!-- modify the action to point to the intended endpoint --> | ||||
|             <form class="attack-form" accept-charset="UNKNOWN" | ||||
|                   method="POST" name="form" | ||||
|                   action="/WebGoat/IDOR/profile/alt-path" | ||||
|                   enctype="application/json;charset=UTF-8"> | ||||
|                 <div class="adoc-content" th:replace="doc:IDOR_inputAltPath.adoc"></div> | ||||
|                 <input name="url" value="WebGoat/" type="text"/> | ||||
|                 <input name="submit" value="Submit" type="SUBMIT"/> | ||||
|             </form> | ||||
|         </div> | ||||
|         <!-- modify the action to point to the intended endpoint --> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" | ||||
|               method="POST" name="form" | ||||
|               action="/WebGoat/IDOR/profile/alt-path" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <div class="adoc-content" th:replace="doc:IDOR_inputAltPath.adoc"></div> | ||||
|             <input name="url" value="WebGoat/" type="text"/> | ||||
|             <input name="submit" value="Submit" type="SUBMIT"/> | ||||
|         </form> | ||||
|         <!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
|         <div class="attack-feedback"></div> | ||||
|         <div class="attack-output"></div> | ||||
| @ -133,23 +129,23 @@ | ||||
|     which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc --> | ||||
|     <div class="adoc-content" th:replace="doc:IDOR_viewOtherProfile.adoc"></div> | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <div> | ||||
|             <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|             <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|             <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|         <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|  | ||||
|             <!-- modify the action to point to the intended endpoint --> | ||||
|             <form class="attack-form" accept-charset="UNKNOWN" id="view-other" | ||||
|                   method="GET" name="view-other-profile" | ||||
|                   action="/WebGoat/IDOR/profile" | ||||
|                   enctype="application/json;charset=UTF-8"> | ||||
|                 <script th:src="@{/plugin_lessons/plugin/IDOR/js/idor.js}" /> | ||||
|         <!-- modify the action to point to the intended endpoint --> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" id="view-other" | ||||
|               method="GET" name="view-other-profile" | ||||
|               action="/WebGoat/IDOR/profile" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <script th:src="@{/plugin_lessons/plugin/IDOR/js/idor.js}" /> | ||||
|  | ||||
|                 <input name="View Profile" value="View Profile" type="submit" /> | ||||
|             <input name="View Profile" value="View Profile" type="submit" /> | ||||
|  | ||||
|         </form> | ||||
|  | ||||
|             </form> | ||||
|         </div> | ||||
|         <!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
|         <div class="attack-feedback"></div> | ||||
|         <div class="attack-output"></div> | ||||
| @ -158,23 +154,22 @@ | ||||
|  | ||||
|     <div class="adoc-content" th:replace="doc:IDOR_editOtherProfile.adoc"></div> | ||||
|     <div class="attack-container"> | ||||
|         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|         <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <div> | ||||
|             <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|             <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|             <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|         <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat --> | ||||
|         <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework --> | ||||
|         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like --> | ||||
|  | ||||
|             <!-- modify the action to point to the intended endpoint --> | ||||
|             <form class="attack-form" accept-charset="UNKNOWN" id="edit-other" | ||||
|                   method="GET" name="edit-other-profile" | ||||
|                   action="/WebGoat/IDOR/profile" | ||||
|                   enctype="application/json;charset=UTF-8"> | ||||
|                 <script th:src="@{/plugin_lessons/plugin/IDOR/js/idor.js}" /> | ||||
|         <!-- modify the action to point to the intended endpoint --> | ||||
|         <form class="attack-form" accept-charset="UNKNOWN" id="edit-other" | ||||
|               method="GET" name="edit-other-profile" | ||||
|               action="/WebGoat/IDOR/profile" | ||||
|               enctype="application/json;charset=UTF-8"> | ||||
|             <script th:src="@{/plugin_lessons/plugin/IDOR/js/idor.js}" /> | ||||
|  | ||||
|                 <input name="View Profile" value="View Profile" type="submit" /> | ||||
|             <input name="View Profile" value="View Profile" type="submit" /> | ||||
|  | ||||
|             </form> | ||||
|         </div> | ||||
|         </form> | ||||
|         <!-- do not remove the two following div's, this is where your feedback/output will land --> | ||||
|         <div class="attack-feedback"></div> | ||||
|         <div class="attack-output"></div> | ||||
|  | ||||
		Reference in New Issue
	
	Block a user