0 votes

Hello, 

when checking the grading on Exercise 4 1e), I found that the solution:

%22%20autofocus%20onfocus%3D%22alert(document.location)%3B%22%3E

was not accepted, apparently because the automatic grading tool found that no alert() message was triggered. However, when I visit the link:

https://websec.cs.uni-paderborn.de/websec/api/xss/challenge?verifier=8&firstname=Example&lastname=User&credit_card=DE%206666%206666%206666%206666&access_code=111&session_id=af324dfg345dg435fds&total=%22%20autofocus%20onfocus%3D%22alert(document.location)%3B%22%3E

myself, an alert() message appears with the document.location as its content. The corresponding error message from the autograder states:

2026-05-20 15:45:43,290    SILLY | moodle_autograder.util.test_framework.test: Running 'gets_alert'
2026-05-20 15:45:44,409    ERROR | moodle_autograder.util.test_framework.test: Exception while running 'gets_alert': Exception('Did not get alert after 1s')

Did I overlook something, or might this be a grading error? Perhaps the alert() was triggered after more than 1s for some reason? Or perhaps the combination of autofocus and onfocus does not work with specific browsers in the way I expected (I tested it using Chrome and Firefox)?

I hope that I did not overlook anything obvious; it'd be really interesting to find out what went wrong.

Thanks and kind regards

in ex04 by (120 points)

1 Answer

0 votes
We got a similar report from another student, and are looking into it.
by (1.6k points)
0
We updated the grading for the exercise to allow autofocus-based solutions. Note that autofocus does not work in tasks 1a–c because Chromium does not perform the autofocus in the situation prescribed in those tasks.
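
Added example, not part of the original thread or the course's code: it decodes the `total` value from the question and shows why it adds `autofocus` and `onfocus` attributes when a parameter is written unencoded into a double-quoted attribute, and how HTML-encoding the value keeps it inside that attribute. The `<input>` template and all function names are assumptions; the thread does not show the challenge page's markup.

```javascript
// Added example. Assumption: the page reflects "total" into a double-quoted
// attribute; the <input> template below is constructed, not the challenge's markup.
const PAYLOAD = decodeURIComponent(
  '%22%20autofocus%20onfocus%3D%22alert(document.location)%3B%22%3E');

// Vulnerable rendering: the parameter is concatenated into the attribute as-is.
function renderUnsafe(total) {
  return `<input name="total" value="${total}">`;
}

// Hardened rendering: HTML-encode characters that can end the attribute value.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function renderSafe(total) {
  const escaped = String(total).replace(/[&<>"']/g, (c) => ENTITIES[c]);
  return `<input name="total" value="${escaped}">`;
}

// Small start-tag tokenizer: returns the attributes of the first tag in html.
function firstTagAttributes(html) {
  const attr = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/y;
  const attrs = {};
  let i = html.indexOf('<') + 1;
  while (i < html.length && !/[\s>\/]/.test(html[i])) i++;      // skip tag name
  while (i < html.length) {
    while (i < html.length && /[\s\/]/.test(html[i])) i++;      // skip separators
    if (i >= html.length || html[i] === '>') break;             // end of start tag
    attr.lastIndex = i;
    const m = attr.exec(html);
    if (!m) break;
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || '';
    i = attr.lastIndex;
  }
  return attrs;
}

// Attributes the template author never wrote (anything besides name/value).
function injectedAttributes(html) {
  return Object.keys(firstTagAttributes(html))
    .filter((k) => k !== 'name' && k !== 'value');
}

console.log(injectedAttributes(renderUnsafe(PAYLOAD))); // [ 'autofocus', 'onfocus' ]
console.log(injectedAttributes(renderSafe(PAYLOAD)));   // []
```

The tokenizer only reports which attributes end up on the element; whether a browser then focuses the element depends on the page, as the comment about Chromium above notes.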