Stubs for security unit test

webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/StoredXssComments.java

@@ -45,6 +45,7 @@ import org.owasp.webgoat.session.WebSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.*;
+import org.owasp.encoder.*;
 
 import static org.springframework.http.MediaType.ALL_VALUE;
 import java.io.IOException;
@@ -76,6 +77,7 @@ public class StoredXssComments extends AssignmentEndpoint {
         Collection<Comment> allComments = Lists.newArrayList();
         // no filtering applied here at render
         allComments.addAll(comments);
+
         return allComments;
     }
 

webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java

@@ -73,4 +73,16 @@ public class StoredXssCommentsTest extends AssignmentEndpointTest {
         results.andExpect(status().isOk());
         results.andExpect(jsonPath("$.lessonCompleted",CoreMatchers.is(false)));
     }
+
+    @Test
+    public void isNotEncoded() {
+        assert true;
+        //TODO: get around to this
+    }
+
+    @Test
+    public void isEncoded() {
+        assert true;
+        //TODO: get around to this
+    }
 }