railsgoat/app/views/sessions/new.html.erb

<div class="rg-login-wrapper">
  <div class="rg-login-card">
    <div class="rg-login-header">
      <div class="rg-login-logo">
        <i class="bi bi-shield-fill-exclamation"></i>
      </div>
      <h2 class="mb-1">MetaCorp</h2>
      <p class="text-muted mb-0">A GoatGroup Company</p>
    </div>

    <%= form_tag "sessions", class: "needs-validation", novalidate: true do %>
      <div class="mb-3">
        <label for="email" class="form-label">Email Address</label>
        <div class="input-group">
          <span class="input-group-text"><i class="bi bi-envelope"></i></span>
          <%= text_field_tag :email, params[:email], {
            class: "form-control",
            id: "email",
            placeholder: "you@example.com",
            required: true,
            autofocus: true
          } %>
        </div>
      </div>

      <div class="mb-3">
        <label for="password" class="form-label">Password</label>
        <div class="input-group">
          <span class="input-group-text"><i class="bi bi-lock"></i></span>
          <%= password_field_tag :password, nil, {
            class: "form-control",
            id: "password",
            placeholder: "Enter your password",
            required: true
          } %>
        </div>
      </div>

      <%= hidden_field_tag :url, @url %>

      <div class="mb-3 form-check">
        <%= check_box_tag :remember_me, 1, params[:remember_me], {
          id: "remember_me",
          class: "form-check-input"
        } %>
        <label class="form-check-label" for="remember_me">
          Remember me
        </label>
      </div>

      <div class="d-grid gap-2">
        <%= submit_tag "Login", class: "btn btn-primary btn-lg" %>
      </div>

      <div class="text-center mt-3">
        <%= link_to "Forgot Password?", forgot_password_path, class: "text-decoration-none" %>
      </div>

      <hr class="my-4">

      <div class="text-center">
        <p class="text-muted mb-2">Don't have an account?</p>
        <%= link_to "Sign up now", signup_path, class: "btn btn-outline-primary" %>
      </div>
    <% end %>

    <div class="mt-4 p-3 bg-warning bg-opacity-10 border border-warning rounded">
      <div class="d-flex align-items-start">
        <i class="bi bi-exclamation-triangle-fill text-warning me-2 mt-1"></i>
        <div class="small">
          <strong>Security Training Environment</strong><br>
          This is an intentionally vulnerable application for educational purposes.
          <a href="https://github.com/OWASP/railsgoat/wiki" target="_blank" class="text-decoration-none">Learn more</a>
        </div>
      </div>
    </div>
  </div>
</div>

<!-- VULNERABILITY: XSS via URL hash parameter -->
<script>
  // support for multiple languages coming soon!
  try {
    var hashParam = location.hash.split("#")[1];
    if (hashParam) {
      var paramName = hashParam.split('=')[0];
      var paramValue = decodeURIComponent(hashParam.split('=')[1]);
      // VULNERABLE: Directly writing user input to DOM
      document.write("<div class='alert alert-info mt-3'>" + paramValue + "</div>");
    }
  } catch(err) {
    // Silently fail
  }
</script>

<style>
  /* Override main content styling for login page */
  .rg-main.no-sidebar {
    margin: 0;
    padding: 0;
  }
</style>