search

zeezocode / webgoat

Automatically exported from code.google.com/p/webgoat
1 stars 0 forks source link

Bug in DOM injection lesson - refers to 'id' that does not exist #28

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. View the Ajax Security --> DOM Injection lesson
2. Type in the authorization field and notice that no Ajax requests are
fired (proxy through and intercept requests with WebScarab).

What is the expected output? What do you see instead?
Should see Ajax requests but don't.

What version of the product are you using? On what operating system?
WebGoat 5.2 on WindowsXP

Please provide any additional information below.
The JavaScript on the page starts with this:
var keyField = document.getElementById('key');

But there is no element with that id.  This is the one they are trying to find:
<input onkeyup='validate();' value='' name='key' type='TEXT'>

So I had to complete the lesson by adding id='key' in WebScarab.  Shouldn't
there be an id in the source?

Original issue reported on code.google.com by scott...@gmail.com on 24 Jun 2009 at 10:08

GoogleCodeExporter commented 8 years ago

Original comment by mayhe...@gmail.com on 24 Mar 2010 at 8:36

GoogleCodeExporter commented 8 years ago

Original comment by X71...@gmail.com on 10 Aug 2011 at 3:44