went ahead and filled in XSS

2013-04-25 13:40:50 -04:00
parent 726526eabf
commit db19e5d990
3 changed files with 20 additions and 4 deletions
@@ -10,9 +10,19 @@ class TutorialsController < ApplicationController
  end
  
  def injection
+  
  end
  
  def xss
+      	@code = %{
+  					<li style="color: #FFFFFF">
+  						<!-- 
+  						I'm going to use HTML safe because we had some weird stuff
+  						going on with funny chars and jquery, plus it says safe so I'm guessing
+  						nothing bad will happen
+  						-->
+  						Welcome, <%= current_user.first_name.html_safe %>
+  			   		</li>}
  end
  
  def broken_auth