From e921fb66a944cb053573177bb9f618256fe8f794 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?=
Date: Wed, 8 Apr 2020 10:05:42 +0200
Subject: [PATCH] actual working version of vulnerable components part 5
---
 .../static/js/goatApp/view/GoatRouter.js | 20 ++++++++++---------
 .../static/js/libs/jquery-ui-1.10.4.js | 2 +-
 .../src/main/resources/static/js/main.js | 1 +
 3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js b/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
index 66585a46e..998025524 100644
--- a/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
@@ -6,6 +6,7 @@
 define(['jquery',
 'libs/jquery-vuln',
+ 'jqueryuivuln',
 'underscore',
 'backbone',
 'goatApp/controller/LessonController',
@@ -13,8 +14,9 @@ define(['jquery',
 'goatApp/view/LessonContentView',
 'goatApp/view/MenuView',
 'goatApp/view/TitleView'
-], function (jquery,
- jqueryvuln,
+], function ($,
+ $vuln,
+ jqueryui,
 _,
 Backbone,
 LessonController,
@@ -24,17 +26,17 @@ define(['jquery',
 TitleView) {
 function getContentElement() {
- return jquery('#main-content');
+ return $('#main-content');
 };
 function render(view) {
- jquery('div.pages').hide();
+ $('div.pages').hide();
 //TODO this works for now because we only have one page we should rewrite this a bit
 if (view != null) {
- jquery('#report-card-page').show();
+ $('#report-card-page').show();
 } else {
- jquery('#lesson-title').show();
- jquery('#lesson-page').show();
+ $('#lesson-title').show();
+ $('#lesson-page').show();
 }
 };
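Review bot: In the `@@ -13,8 +14,9 @@` hunk of GoatRouter.js the callback parameter `jqueryui` receives the module listed as `'jqueryuivuln'`, the jQuery UI 1.10.4 copy added for the vulnerable-components lesson, while main.js maps the id `jqueryui` to `libs/jquery-ui.min`. A reader will take the parameter for the maintained build; naming it `jqueryuiVuln`, next to `$vuln`, keeps the deliberately vulnerable pieces identifiable. The parameter is not used in the visible hunks, so the dependency appears to be pulled in for its side effect only, and from the router that every page goes through. A comment such as `// loaded only to attach the vulnerable jQuery UI widgets to $vuln (vulnerable-components lesson)` would record that, and requiring it from the lesson itself would keep it off unrelated pages. The define callback continues outside the hunk.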
@@ -56,8 +58,8 @@ define(['jquery',
 titleView: null,
 setUpCustomJS: function () {
- webgoat.customjs.jquery = jquery; //passing jquery into custom js scope ... still klunky, but works for now
- webgoat.customjs.jqueryVuln = jqueryvuln;//ui;//$vuln;
+ webgoat.customjs.jquery = $; //passing jquery into custom js scope ... still klunky, but works for now
+ webgoat.customjs.jqueryVuln = $vuln;
 // shim to support xss lesson
 webgoat.customjs.phoneHome = function (e) {
diff --git a/webgoat-container/src/main/resources/static/js/libs/jquery-ui-1.10.4.js b/webgoat-container/src/main/resources/static/js/libs/jquery-ui-1.10.4.js
index e1e90203a..94ff49ea0 100644
--- a/webgoat-container/src/main/resources/static/js/libs/jquery-ui-1.10.4.js
+++ b/webgoat-container/src/main/resources/static/js/libs/jquery-ui-1.10.4.js
@@ -1,4 +1,4 @@
-var jQuery = require('jquery');
+var jQuery = require('libs/jquery-vuln');
 /*! jQuery UI - v1.10.3 - 2013-05-03
 * http://jqueryui.com
diff --git a/webgoat-container/src/main/resources/static/js/main.js b/webgoat-container/src/main/resources/static/js/main.js
index 3f951a71a..5b6042c27 100644
--- a/webgoat-container/src/main/resources/static/js/main.js
+++ b/webgoat-container/src/main/resources/static/js/main.js
@@ -25,6 +25,7 @@ require.config({
 baseUrl: "js/",
 paths: {
 jquery: 'libs/jquery.min',
+ jqueryuivuln: 'libs/jquery-ui-1.10.4',
 jqueryui: 'libs/jquery-ui.min',
 underscore: 'libs/underscore-min',
 backbone: 'libs/backbone-min',
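Review bot: In the `@@ -56,8 +58,8 @@` hunk of GoatRouter.js, the assignment `webgoat.customjs.jqueryVuln = $vuln;` carries no explanation of why a second jQuery instance is handed to lesson scripts. Because this commit rebinds jquery-ui-1.10.4.js to `libs/jquery-vuln`, the old jQuery UI widgets presumably hang off this object and not off `webgoat.customjs.jquery`. I would add `// deliberately vulnerable jQuery + jQuery UI 1.10.4; for the vulnerable-components lesson only, do not use elsewhere` above the line. setUpCustomJS continues past the end of the hunk.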
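Review bot: The new `jqueryuivuln` path in main.js is registered without any dependency declaration in this hunk, yet the file it points to now starts with a synchronous `require('libs/jquery-vuln')` (see the jquery-ui-1.10.4.js hunk). RequireJS resolves that form only when the module has already been loaded, and GoatRouter.js listing `'libs/jquery-vuln'` before `'jqueryuivuln'` does not by itself order script execution. Unless the `shim` section, which is outside the hunk, already covers it, add the entry `jqueryuivuln: { deps: ['libs/jquery-vuln'] }` there. Separately, the path says 1.10.4 while the file's banner reads `v1.10.3`; that mismatch will confuse version-based component scanning and the lesson text, so the two are worth reconciling.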