First checkin for CSRF

(cherry picked from commit a01a767)

webgoat-lessons/csrf/src/main/resources/plugin/CSRF/js/xxe.js

@@ -0,0 +1,15 @@
+webgoat.customjs.register = function () {
+    var xml = '<?xml version="1.0"?>' +
+        '<user>' +
+        '  <username>' + 'test' + '</username>' +
+        '  <password>' + 'test' + '</password>' +
+        '</user>';
+    return xml;
+}
+webgoat.customjs.registerJson = function () {
+    var json = '{' +
+        '  "user":' + '"test"' +
+        '  "password":' + '"test"' +
+        '}';
+    return json;
+}