initial cut on XSS, need to add some tests still

2017-05-18 14:41:14 -04:00
parent 05f6fb226f
commit feead6b740
33 changed files with 779 additions and 463 deletions
--- a/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
@ -54,21 +54,24 @@ define(['jquery',
            webgoat.customjs.jquery = $; //passing jquery into custom js scope ... still klunky, but works for now
            webgoat.customjs.jqueryVuln = $vuln;

-            // temporary shim to support dom-xss assignment
+            // shim to support xss lesson
            webgoat.customjs.phoneHome = function (e) {
                console.log('phoneHome invoked');
-                console.log(arguments.callee);
-                //
                webgoat.customjs.jquery.ajax({
                    method: "POST",
-                    url: "/WebGoat/CrossSiteScripting/dom-xss",
+                    url: "/WebGoat/CrossSiteScripting/phone-home-xss",
                    data: {param1: 42, param2: 24},
                    headers: {
                        "webgoat-requested-by": "dom-xss-vuln"
                    },
-                    contentType: 'application/x-www-form-urlencoded; charset=UTF-8'
+                    contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
+                    success: function (data) {
+                        //devs leave stuff like this in all the time
+                        console.log('phone home said '  + data);
+                    }
                });
            }
+
        },

        initialize: function () {