<!DOCTYPE html>

<html xmlns:th="http://www.thymeleaf.org">

<!-- Lesson page: th:replace swaps the placeholder div below for the content resolved from doc:CSRF_intro.adoc. -->
<div class="lesson-page-wrapper">
    <div th:replace="doc:CSRF_intro.adoc" class="adoc-content"></div>
</div>

<!-- Lesson page: th:replace swaps the placeholder div below for the content resolved from doc:CSRF_GET.adoc. -->
<div class="lesson-page-wrapper">
    <div th:replace="doc:CSRF_GET.adoc" class="adoc-content"></div>
</div>

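<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_Get_Flag.adoc"></div>

    <!--
        Exercise target form. It has no "attack-form" class, so it appears to be a plain
        browser submit: GET /WebGoat/csrf/basic-get-flag with the hidden field csrf=false.
        Nothing in this markup ties the request to this page (no anti-CSRF token).
        Outside a training lab, a request with side effects should not be served over GET
        and should carry a per-session token that the server verifies.
    -->
    <form accept-charset="UNKNOWN" id="basic-csrf-get"
          method="GET" name="form1"
          successCallback=""
          action="/WebGoat/csrf/basic-get-flag"
          enctype="application/json;charset=UTF-8">
        <input name="csrf" type="hidden" value="false"/>
        <input type="submit" name="submit"/>

    </form>

    <div class="adoc-content" th:replace="doc:CSRF_Basic_Get-1.adoc"></div>

    <div class="attack-container">
        <div class="assignment-success">
            <i class="fa fa-2 fa-check hidden" aria-hidden="true">
            </i>
        </div>
        <!--
            Answer form: posts confirmFlagVal to /WebGoat/csrf/confirm-flag-1.
            The empty attack-feedback and attack-output divs below are presumably filled by
            the client script that handles "attack-form" submissions (not visible here).
            NOTE(review): "length" is not a standard input attribute and browsers ignore it;
            "size" or "maxlength" was probably intended. Left as is because the expected
            flag length is not visible in this template.
        -->
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-1"
              method="POST" name="form2"
              successCallback=""
              action="/WebGoat/csrf/confirm-flag-1"
              enctype="application/json;charset=UTF-8">

            Confirm Flag Value:
            <input type="text" length="6" name="confirmFlagVal" value=""/>

            <input name="submit" value="Submit" type="submit"/>

        </form>

        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>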

<!-- Lesson page: review exercise. A mock product post with a review form and a list of submitted reviews. -->
<div class="lesson-page-wrapper">

    <div class="adoc-content" th:replace="doc:CSRF_Reviews.adoc"></div>

    <!-- Review area: lesson-specific stylesheet and script, resolved through Thymeleaf @{...} URL expressions. -->
    <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/reviews.css}"/>
    <script th:src="@{/lesson_js/csrf-review.js}" language="JavaScript"></script>

    <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

    <div class="attack-container">
        <div class="container-fluid">
            <div class="panel post">
                <div class="post-heading">
                    <div class="pull-left image">
                        <img th:src="@{/images/avatar1.png}"
                             class="img-circle avatar" alt="user profile image"/>
                    </div>
                    <div class="pull-left meta">
                        <div class="title h5">
                            <a href="#"><b>John Doe</b></a>
                            is selling this poster, read reviews below.
                        </div>
                        <h6 class="text-muted time">24 days ago</h6>
                    </div>
                </div>

                <div class="post-image">
                    <!-- NOTE(review): this URL has no leading slash, unlike the avatar above; confirm it resolves as intended. -->
                    <img th:src="@{images/cat.jpg}" class="image" alt="image post"/>
                </div>

                <div class="post-description">

                </div>

                <!-- NOTE(review): second attack-container nested inside the outer one; confirm the client script expects this. -->
                <div class="attack-container">
                    <div class="post-footer">
                        <div class="input-group">
                            <!--
                                Review form: posts reviewText, stars and validateReq to /WebGoat/csrf/review.
                                validateReq is a literal in this template, so every user and every request
                                gets the same value; it cannot serve as an anti-CSRF token. A real token is
                                generated per session (or per request), bound to that session, and compared
                                on the server. How the server uses validateReq is not visible here.
                            -->
                            <form class="attack-form" accept-charset="UNKNOWN" id="csrf-review"
                                  method="POST" name="review-form"
                                  successCallback=""
                                  action="/WebGoat/csrf/review">
                                <input class="form-control" id="reviewText" name="reviewText" placeholder="Add a Review"
                                       type="text"/>
                                <input class="form-control" id="reviewStars" name="stars" type="text"/>
                                <input type="hidden" name="validateReq" value="2aa14227b9a13d0bede0388a7fba9aa9"/>
                                <input type="submit" name="submit" value="Submit review"/>
                            </form>
                            <div class="attack-feedback"></div>
                            <div class="attack-output"></div>
                            <!--<span class="input-group-addon">-->
                            <!--<i id="postReview" class="fa fa-edit" style="font-size: 20px"></i>-->
                            <!--</span>-->
                        </div>
                        <!--
                            Review list container, presumably populated by csrf-review.js through #list (TODO confirm).
                            NOTE(review): a div is not a valid direct child of ul. If that script inserts review text
                            as markup, the text must be HTML-escaped before insertion.
                        -->
                        <ul class="comments-list">
                            <div id="list">
                            </div>
                        </ul>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <!-- end comments -->


</div>

<!-- Lesson page: th:replace swaps the placeholder div below for the content resolved from doc:CSRF_Frameworks.adoc. -->
<div class="lesson-page-wrapper">
    <div th:replace="doc:CSRF_Frameworks.adoc" class="adoc-content"></div>
</div>

<!-- Lesson page: th:replace swaps the placeholder div below for the content resolved from doc:CSRF_JSON.adoc. -->
<div class="lesson-page-wrapper">
    <div th:replace="doc:CSRF_JSON.adoc" class="adoc-content"></div>
</div>

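<!-- Lesson page: feedback exercise. A contact form sent as JSON, followed by a form for confirming the flag. -->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_ContentType.adoc"></div>

    <script th:src="@{/lesson_js/feedback.js}" language="JavaScript"></script>
    <!-- Inline box styling. The stray "container-fluid" token and the overridden first padding value were dropped; the rendered style is unchanged. -->
    <div style="background-color: #f1f1f1; border: 2px solid #a66;
  border-radius: 12px;
  margin-top:7px;
  padding:5px;">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <div class="container-fluid">
            <div class="row">
                <div class="col-md-8">
                    <div class="well well-sm">
                        <!--
                            Feedback form: POST to /WebGoat/csrf/feedback/message.
                            prepareData and contentType are not standard form attributes; presumably the
                            lesson's client script reads them to serialize the fields as JSON (TODO confirm
                            against feedback.js and the attack-form handler).
                            No anti-CSRF token appears in this markup. A server accepting this request must
                            not treat a JSON content type as proof that the request came from its own page;
                            it should verify a per-session token or the Origin header.
                        -->
                        <form class="attack-form" accept-charset="UNKNOWN" id="csrf-feedback"
                              method="POST"
                              prepareData="feedback"
                              action="/WebGoat/csrf/feedback/message"
                              contentType="application/json">
                            <div class="row">
                                <div class="col-md-6">
                                    <div class="form-group">
                                        <label for="name">
                                            Name</label>
                                        <input type="text" class="form-control" name="name" id="name"
                                               placeholder="Enter name"
                                               required="required"/>
                                    </div>
                                    <div class="form-group">
                                        <label for="email">
                                            Email Address</label>
                                        <div class="input-group">
                                            <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span>
                                            </span>
                                            <input type="email" name="email" class="form-control" id="email"
                                                   placeholder="Enter email"
                                                   required="required"/></div>
                                    </div>
                                    <div class="form-group">
                                        <label for="subject">
                                            Subject</label>
                                        <select id="subject" name="subject" class="form-control" required="required">
                                            <option value="na" selected="">Choose One:</option>
                                            <option value="service">General Customer Service</option>
                                            <option value="suggestions">Suggestions</option>
                                            <option value="product">Product Support</option>
                                        </select>
                                    </div>
                                </div>
                                <div class="col-md-6">
                                    <div class="form-group">
                                        <!-- The label targets the textarea id so that clicking it focuses the message field. -->
                                        <label for="message">
                                            Message</label>
                                        <textarea name="message" id="message" class="form-control" rows="9" cols="25"
                                                  required="required"
                                                  placeholder="Message"></textarea>
                                    </div>
                                </div>
                                <div class="col-md-12">
                                    <!-- type="submit" is the default for a button inside a form; stated explicitly. -->
                                    <button type="submit" class="btn btn-primary pull-right" id="btnContactUs">
                                        Send Message
                                    </button>
                                </div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <div class="attack-container">
        <div class="assignment-success">
            <i class="fa fa-2 fa-check hidden" aria-hidden="true">
            </i>
        </div>
        <!--
            Answer form: posts confirmFlagVal to /WebGoat/csrf/feedback.
            NOTE(review): "length" is not a standard input attribute and browsers ignore it;
            "size" or "maxlength" was probably intended.
        -->
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-feedback"
              method="POST" name="form2"
              action="/WebGoat/csrf/feedback"
              enctype="application/json;charset=UTF-8">

            Confirm Flag Value:
            <input type="text" length="6" name="confirmFlagVal" value=""/>

            <input name="submit" value="Submit" type="submit"/>

        </form>

        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>

</div>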

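<!-- Lesson page: login exercise. The learner reports completion with the button below. -->
<div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="doc:CSRF_Login.adoc"></div>

    <div class="attack-container">
        <div class="assignment-success">
            <i class="fa fa-2 fa-check hidden" aria-hidden="true">
            </i>
        </div>
        <!--
            Self-report form: it has no user-editable fields, only the submit button, and posts
            to /WebGoat/csrf/login. How the server decides that the assignment is solved is not
            visible in this template.
        -->
        <form class="attack-form" accept-charset="UNKNOWN" id="confirm-flag-login"
              method="POST" name="form2"
              action="/WebGoat/csrf/login"
              enctype="application/json;charset=UTF-8">

            Press the button below when you are logged in as the other user<br/>

            <input name="submit" value="Solved!" type="submit"/>

        </form>

        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
    </div>
</div>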


<!-- Lesson page: th:replace swaps the placeholder div below for the content resolved from doc:CSRF_Impact_Defense.adoc. -->
<div class="lesson-page-wrapper">
    <div th:replace="doc:CSRF_Impact_Defense.adoc" class="adoc-content"></div>
</div>


<!--</div>-->

</html>