diff --git a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java
index 3187e936b..4e7802e77 100644
--- a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java
+++ b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java
@@ -33,8 +33,10 @@ import org.mockito.runners.MockitoJUnitRunner;
import org.owasp.webgoat.assignments.AssignmentEndpointTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.util.Assert;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
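Review bot: The added import of `org.springframework.util.Assert` looks unused in the lines visible here, because the re-enabled `isNotEncoded` test in the next hunk uses the Java `assert` keyword, which does nothing when the JVM runs without `-ea`. That test is the one marked "Ensures it is vulnerable", so with assertions disabled it would pass without checking the response body. Prefer a check that always runs, for example `taintedResults.andExpect(content().string(containsString(expected)));` or `Assert.isTrue(body.contains(expected), "comment text was encoded");`, and drop the import if nothing ends up using it. The second hunk is cut off in this view, so `Assert` may be used further down.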
@@ -80,12 +82,17 @@ public class StoredXssCommentsTest extends AssignmentEndpointTest {
*/
//Ensures it is vulnerable
-// @Test
-// public void isNotEncoded() throws Exception {
-// //do get to get comments after posting xss payload
-// ResultActions taintedResults = mockMvc.perform(MockMvcRequestBuilders.get("/CrossSiteScripting/stored-xss"));
-// taintedResults.andExpect(jsonPath("$[0].text",CoreMatchers.is(CoreMatchers.containsString(""))));
-// }
+ @Test
+ public void isNotEncoded() throws Exception {
+ //do get to get comments after posting xss payload
+ ResultActions taintedResults = mockMvc.perform(MockMvcRequestBuilders.get("/CrossSiteScripting/stored-xss"));
+ MvcResult mvcResult = taintedResults.andReturn();
+ assert(mvcResult.getResponse().getContentAsString().contains("