Bug in DOM injection lesson - refers to 'id' that does not exist

Question

Bug in DOM injection lesson - refers to 'id' that does not exist

Closed this issue 8 years ago · 2 comments

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. View the Ajax Security --> DOM Injection lesson
2. Type in the authorization field and notice that no Ajax requests are
fired (proxy through and intercept requests with WebScarab).

What is the expected output? What do you see instead?
Should see Ajax requests but don't.

What version of the product are you using? On what operating system?
WebGoat 5.2 on WindowsXP

Please provide any additional information below.
The JavaScript on the page starts with this:
var keyField = document.getElementById('key');

But there is no element with that id.  This is the one they are trying to find:
<input onkeyup='validate();' value='' name='key' type='TEXT'>

So I had to complete the lesson by adding id='key' in WebScarab.  Shouldn't
there be an id in the source?

Original issue reported on code.google.com by scott...@gmail.com on 24 Jun 2009 at 10:08

Answer 1 · 2016-02-17T22:53:11.000Z

Original comment by mayhe...@gmail.com on 24 Mar 2010 at 8:36

Changed state: Accepted

Answer 2 · 2016-02-17T22:53:12.000Z

Original comment by X71...@gmail.com on 10 Aug 2011 at 3:44

Changed state: Fixed