// Builds the XML body posted for the "simple XXE" lesson from the text typed in
// #commentInputSimple. The user text is concatenated straight into the document
// with no escaping or entity/DTD restriction — that is the XXE attack surface the
// lesson exists to demonstrate, so it is deliberately not hardened here.
// NOTE(review): the XML declaration and element tags that should surround the
// comment text appear to have been stripped from this copy during extraction (the
// string literals below are empty) — verify the markup against the repository.
webgoat.customjs.simpleXXE = function () {
var commentInput = $("#commentInputSimple").val();
var xml = '' +
'' +
' ' + commentInput + '' +
'';
return xml;
}
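// Post-submit hook for the simple XXE lesson: clear the lesson's own input field
// and re-render its comment list.
// Fix: the original cleared #commentInputBlind (the blind lesson's field) while
// refreshing the simple lesson's list — an inconsistency with the blind and
// content-type callbacks, which each clear their own input. Clear the simple
// lesson's field instead.
webgoat.customjs.simpleXXECallback = function () {
$("#commentInputSimple").val('');
getComments('#commentsListSimple');
};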
// On DOM ready, populate the simple-lesson comment list.
$(function () {
getComments('#commentsListSimple');
});
// Builds the XML body posted for the "blind XXE" lesson from the text typed in
// #commentInputBlind. As in simpleXXE, the user text is concatenated into the
// document unescaped — intentionally, since the out-of-band entity resolution is
// what the lesson exercises.
// NOTE(review): the XML declaration and element tags appear to have been stripped
// from this copy during extraction (the literals below are empty) — verify the
// markup against the repository.
webgoat.customjs.blindXXE = function() {
var commentInput = $("#commentInputBlind").val();
var xml = '' +
'' +
' ' + commentInput + '' +
'';
return xml;
}
// Post-submit hook for the blind XXE lesson: reset its input field and reload the
// blind lesson's comment list.
webgoat.customjs.blindXXECallback = function () {
var input = $("#commentInputBlind");
input.val('');
getComments('#commentsListBlind');
};
// On DOM ready, populate the blind-lesson comment list.
$(function () {
getComments('#commentsListBlind');
});
// Builds the request body for the content-type lesson: the typed comment wrapped
// as {"text": ...}. JSON.stringify does the quoting, so unlike the XML variants
// nothing is string-concatenated here.
webgoat.customjs.contentTypeXXE = function () {
var payload = { text: $("#commentInputContentType").val() };
return JSON.stringify(payload);
};
// Post-submit hook for the content-type lesson: reset its input field and reload
// the content-type lesson's comment list.
webgoat.customjs.contentTypeXXECallback = function () {
var input = $("#commentInputContentType");
input.val('');
getComments('#commentsListContentType');
};
// On DOM ready, populate the content-type lesson comment list.
$(function () {
getComments('#commentsListContentType');
});
// Row template used by getComments(); its USER, DATETIME and COMMENT placeholders
// are substituted once per comment.
// NOTE(review): the template's markup appears to have been lost in this copy — the
// literal is split across two lines (a syntax error as shown) and only its
// placeholder text survives, displaced to the end of the file. Recover the template
// from the repository before relying on this listing.
var html = '
';
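/**
 * Fetch the comment list from `xxe/comments` and re-render it into the element
 * selected by `field`, one copy of the `html` row template per comment.
 *
 * Security: the endpoint returns comments written by other users, so each field
 * is treated as untrusted. The original spliced `user`, `dateTime` and `text`
 * into the template as raw markup (a stored XSS sink) and passed them as string
 * replacements, so `$&`/`$1` sequences in a comment were interpreted by
 * String.prototype.replace. Both are fixed: values are HTML-escaped and inserted
 * through a replacer function so they land literally.
 *
 * @param {string} field - jQuery selector of the container to render into.
 */
function getComments(field) {
// Escape the five HTML-significant characters so the value is rendered as text
// when the template is appended to the DOM. null/undefined become ''.
function escapeHtml(value) {
var s = value == null ? '' : String(value);
return s
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;');
}
// Return a replacer that yields the (already escaped) value verbatim, bypassing
// the special `$` patterns a string replacement would honour.
function literal(value) {
return function () { return value; };
}
$.get("xxe/comments", function (result) {
var target = $(field);
target.empty();
// An unexpected (non-array) payload renders an empty list rather than throwing
// inside the jQuery callback.
var comments = Array.isArray(result) ? result : [];
for (var i = 0; i < comments.length; i++) {
var c = comments[i];
var row = html
.replace('USER', literal(escapeHtml(c.user)))
.replace('DATETIME', literal(escapeHtml(c.dateTime)))
.replace('COMMENT', literal(escapeHtml(c.text)));
target.append(row);
}
});
}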
USER
' + 'DATETIME
' + 'COMMENT
' + '