Changed the field1.replaceAll to field1 = field1.replaceAll. The first case does not clean the taint

git-svn-id: http://webgoat.googlecode.com/svn/trunk@474 4033779f-a91e-0410-96ef-6bf7bf53c507

Author: [email protected]

webgoat/src/main/webapp/lessons/Ajax/eval.jsp

@@ -12,10 +12,11 @@ if(field1 == null) field1 = "123";
 if(field2 == null) field2 = "-1";
 
 /** For security reasons, we remove all '<' and '>' characters to prevent XSS **/
-field1.replaceAll("<", "");
-field1.replaceAll(">", "");
-field2.replaceAll("<", "");
-field2.replaceAll(">", "");
+// Thank you Victor Bucutea for noticing replaceAll only cleans taint to the return value.
+field1 = field1.replaceAll("<", "");
+field1 = field1.replaceAll(">", "");
+field2 = field2.replaceAll("<", "");
+field2 = field2.replaceAll(">", "");
 
 if("Purchase".equals(action))
 {