From f9a43d09612fb2f42e2fbdd02255306bc401782d Mon Sep 17 00:00:00 2001
From: Jason White <jason.white@owasp.org>
Date: Fri, 13 Oct 2017 09:52:19 -0600
Subject: [PATCH] xss updates

---
 .../src/main/resources/html/CrossSiteScripting.html            | 2 ++
 .../resources/lessonPlans/en/CrossSiteScripting_content7c.adoc | 3 +++
 2 files changed, 5 insertions(+)
 create mode 100644 webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content7c.adoc

diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html b/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html
index c1c614b52..64e7a03e1 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html
@@ -276,6 +276,8 @@
 		</div>
 		<!-- end comments -->
 
+	<div class="adoc-content" th:replace="doc:CrossSiteScripting_content7c.adoc"></div>
+
 	<div class="attack-container">
 		<!-- this will be where they can store the additional comment -->
 		<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content7c.adoc b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content7c.adoc
new file mode 100644
index 000000000..35a567a5b
--- /dev/null
+++ b/webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en/CrossSiteScripting_content7c.adoc
@@ -0,0 +1,3 @@
+Watching in your browser's developer tools or your proxy, the output should include a value starting with 'phoneHome Response is ...."
+Put that value in below to complete this exercise.  Note that, each subsequent call to the _phoneHome_ method will change that value.
+You may need to ensure you have the most recent one.
\ No newline at end of file