Stored XSS Attacks challenge is not working

Question

Stored XSS Attacks challenge is not working

gartmann opened this issue 10 years ago · 3 comments

Enter a title
Enter message <script>alert(document.cookie);</script>
click on the generated link
=> open the javascript console and you can see following error:

Uncaught ReferenceError: showResponse is not defined

Answer 1 · 2015-07-12T10:47:38.000Z

Tested the issue, on my forked branch this is no longer an issue. This is probably due to the fact that a couple of pull requests from my repository have not been merged in to WebGoat/master

Answer 2 · 2015-07-12T10:51:36.000Z

Sorry thought this was an issue on WebGoat but it is on WebGoat-Lecacy. I don't think we need to fix this on Legacy because we are close to merging all the lessons...

Answer 3 · 2015-08-26T01:05:11.000Z

Was going to (and still probably will) ask someone to specifically look at/test XSS and CSRF lessons. I specifically am not escaping to allow for this, but want to make sure it is working as intended. The showResponse is not defined is likely an intermediate version.

Either way, can we get confirmation on this for the current development branch? Thanks!