Initial cut on CSRF. More to come

webgoat-lessons/csrf/src/main/resources/html/CSRF.html

@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+
+<html xmlns:th="http://www.thymeleaf.org">
+
+    <div class="lesson-page-wrapper">
+        <div class="adoc-content" th:replace="doc:CSRF_intro.adoc"></div>
+    </div>
+
+    <div class="lesson-page-wrapper">
+        <div class="adoc-content" th:replace="doc:CSRF_GET.adoc"></div>
+    </div>
+
+    <div class="lesson-page-wrapper">
+        <div class="adoc-content" th:replace="doc:CSRF_Get_Flag.adoc"></div>
+
+        <form accept-charset="UNKNOWN" id="basic-csrf-get"
+              method="GET" name="form1"
+              successCallback=""
+              action="/WebGoat/csrf/basic-get-flag"
+              enctype="application/json;charset=UTF-8">
+            <input name="csrf" type="hidden" value="false" />
+            <input type="submit" name="ubmit=" />
+
+        </form>
+    </div>
+
+    <div class="lesson-page-wrapper">
+
+        <div class="adoc-content" th:replace="doc:CSRF_Basic_Get-1.adoc"></div>
+
+
+
+        <div class="attack-container">
+            <div class="assignment-success">
+                    <i class="fa fa-2 fa-check hidden" aria-hidden="true">
+                    </i>
+            </div>
+            <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-1"
+                      method="POST" name="form2"
+                      successCallback=""
+                      action="/WebGoat/csrf/basic-confirm-flag"
+                      enctype="application/json;charset=UTF-8">
+
+                    Confirm Flag Value:
+                    <input type="text" length="6" name="confirmFlagVal" value="false" />
+
+                    <input name="submit" value="Submit" type="submit"/>
+
+            </form>
+
+            <div class="attack-feedback"></div>
+            <div class="attack-output"></div>
+        </div>
+    </div>
+    <!--</div>-->
+
+</html>