Bug in DOM injection lesson - refers to 'id' that does not exist
Closed this issue · 2 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. View the Ajax Security --> DOM Injection lesson
2. Type in the authorization field and notice that no Ajax requests are
fired (proxy through and intercept requests with WebScarab).
What is the expected output? What do you see instead?
Should see Ajax requests but don't.
What version of the product are you using? On what operating system?
WebGoat 5.2 on WindowsXP
Please provide any additional information below.
The JavaScript on the page starts with this:
var keyField = document.getElementById('key');
But there is no element with that id. This is the one they are trying to find:
<input onkeyup='validate();' value='' name='key' type='TEXT'>
So I had to complete the lesson by adding id='key' in WebScarab. Shouldn't
there be an id in the source?
Original issue reported on code.google.com by scott...@gmail.com
on 24 Jun 2009 at 10:08
GoogleCodeExporter commented
Original comment by mayhe...@gmail.com
on 24 Mar 2010 at 8:36
- Changed state: Accepted
GoogleCodeExporter commented
Original comment by X71...@gmail.com
on 10 Aug 2011 at 3:44
- Changed state: Fixed