98949c00d8
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
9 lines
773 B
HTML
9 lines
773 B
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> How to Perform Stored Cross Site Scripting (XSS) </p>
|
|
</div>
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
<!-- Start Instructions -->
|
|
It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.
|
|
<!-- Stop Instructions -->
|
|
<p><b>General Goal(s):</b> </p>
|
|
The user should be able to add message content that cause another user to load an undesireable page or content. |