XSS lesson stage 12 (2 issues) · Issue #1178 · WebGoat/WebGoat · GitHub
davewichers opened this issue Dec 8, 2021 · 1 comment · Fixed by #2057
Comments

davewichers commented Dec 8, 2021

First off, this lesson is accessible at: http://localhost:8080/WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/11

Why does the URL have 11 as the stage reference and not 12? I.e., stage 1 starts at 0 and goes up through 11, when it would be more natural for this to be /1 through /12. Apparently all the lessons are like this. Seems like they should ALL be numbered 1 through N.

Also, when you get ALL the questions correct, they all turn green, but the checkboxes that were filled in go away. You should leave the checkboxes selected after they submit, regardless of whether they got any right or not, so they know what they selected. This also applies to the questions in Stage 6 of SQL Injection (advanced), and Stage 5 of SQL Injection (mitigation). Why 'erase' the supplied answers when the user gets them correct?

davewichers changed the title from "XSS lesson 12 (2 issues)" to "XSS lesson stage 12 (2 issues)" Dec 8, 2021

Author
davewichers commented Dec 9, 2021

In addition to the above, the questions themselves are kind of banged up. In question 1, for example, what is a 'trusted' site?
Question 2, Solution 3: you typically don't stop XSS with 'validating for malicious content'. Question 4, Solution 2: the last word should be 'response', not 'request'. This 'banged up' comment also applies to the questions in Stage 6 of SQL Injection (advanced).

Maybe you can ask Bruce Mayhew to review/update ALL these questions and answers to make them 'better'? I know writing good questions/answers is hard. I do like this lesson, by the way. Just think it could be better.

aolle self-assigned this Dec 17, 2021
nbaars added a commit that referenced this issue Mar 9, 2025
nbaars added this to the 2025.3 milestone Mar 9, 2025
nbaars closed this as completed in e2f80b1 Mar 11, 2025