Stored XSS Lesson does not render message and attack does not fire · Issue #141 · WebGoat/WebGoat · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stored XSS Lesson does not render message and attack does not fire #141

Closed
mayhew64 opened this issue Oct 29, 2015 · 4 comments
Closed

Stored XSS Lesson does not render message and attack does not fire #141

mayhew64 opened this issue Oct 29, 2015 · 4 comments
Assignees
@misfir3
Labels
bug WebGoat-UI

Comments

@mayhew64
Copy link
Contributor

The message is created, but clicking on the message does not render the content. The attack can't fire without the content being rendered. The Message should show below the message list with a line separator.

This is from Firefox, Chrome, and Safari

screen shot 2015-10-29 at 8 46 50 am
@nbaars nbaars mentioned this issue Oct 30, 2015
Closed
@nbaars
Copy link
Collaborator

nbaars commented Oct 30, 2015

Seems to be the same with Cross Site Request Forgery (CSRF) lesson

@ilatypov ilatypov mentioned this issue Nov 7, 2015
Merged
@misfir3
Copy link
Contributor

misfir3 commented Dec 2, 2015

Verified fixed ...
alertstoredxss1

storedxss2

@misfir3 misfir3 closed this as completed Dec 2, 2015
@nbaars nbaars reopened this Jan 17, 2016
@nbaars
Copy link
Collaborator

nbaars commented Jan 17, 2016

Tested indeed I see the alert but the lesson does not show that the lesson has been successfully completed.

@misfir3
Copy link
Contributor

misfir3 commented Jan 20, 2016

'success' criteria in java file was not 'loose' enough. Plenty of successful ways may still not get picked up, but at least you can now succeed using the inputs from the hints. Merge request in.

@misfir3 misfir3 mentioned this issue Jan 20, 2016
Merged
@misfir3 misfir3 closed this as completed Feb 17, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@misfir3 misfir3

Labels
bug WebGoat-UI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nbaars @mayhew64 @misfir3