{% extends 'scenario-basic.html' %} {% block title-text %} Tiredful API: Cross Site Scripting {% endblock %} {% block content %}

Challenge: Cross Site Scripting

An advertisement portal where user can post and see classified advts.
APIs are implemented for accessing the list of classified advertisements and to create the advertisements. Following are the API end points:
1. List of advertisements (authentication required)

      GET Method http://{{ request.get_host }}/api/v1/advertisements/

2. To create a advertisement (authentication required)

      POST http://{{ request.get_host }}/api/v1/advertisements/

POST:

    {
      "headline": <headline(string)>,
      "info": <info(string)>,
      "price":  <price(float(7,2))>
    }

Aim: Find parameters accepting cross site scripting meta-characters. {% endblock %}