=2.8.1

add-to-your-blog.php

@@ -163,28 +163,6 @@
 	}// end if isSet($_POST["add-to-your-blog-php-submit-button"])
 ?>
 
-<!-- Bubble hints code -->
-<?php 
-	try{
-   		$lReflectedXSSExecutionPointBallonTip = $BubbleHintHandler->getHint("ReflectedXSSExecutionPoint");
-   		$lXSRFVulnerabilityAreaBallonTip = $BubbleHintHandler->getHint("XSRFVulnerabilityArea");
-   		$lHTMLandXSSandSQLInjectionPointBallonTip = $BubbleHintHandler->getHint("HTMLandXSSandSQLInjectionPoint");   		
-	} catch (Exception $e) {
-		echo $CustomErrorHandler->FormatError($e, "Error attempting to execute query to fetch bubble hints.");
-	}// end try	
-?>
-
-<script type="text/javascript">
-	$(function() {
-		$('[ReflectedXSSExecutionPoint]').attr("title", "<?php echo $lReflectedXSSExecutionPointBallonTip; ?>");
-		$('[ReflectedXSSExecutionPoint]').balloon();
-		$('[XSRFVulnerabilityArea]').attr("title", "<?php echo $lXSRFVulnerabilityAreaBallonTip; ?>");
-		$('[XSRFVulnerabilityArea]').balloon();
-		$('[HTMLandXSSandSQLInjectionPoint]').attr("title", "<?php echo $lHTMLandXSSandSQLInjectionPointBallonTip; ?>");
-		$('[HTMLandXSSandSQLInjectionPoint]').balloon();		
-	});
-</script>
-
 <!-- BEGIN HTML OUTPUT  -->
 <script type="text/javascript">
 	var onSubmitBlogEntry = function(/* HTMLForm */ theForm){
@@ -232,7 +210,7 @@
 			</tr>
 			<tr><td></td></tr>
 			<tr>
-				<td id="id-blog-form-header-td" ReflectedXSSExecutionPoint="1" class="form-header">
+				<td id="id-blog-form-header-td" class="form-header">
 					Add blog for <?php echo $lLoggedInUser?>
 				</td>
 			</tr>
@@ -244,7 +222,7 @@
 			</tr>
 			<tr>
 				<td>
-					<textarea 	name="blog_entry" HTMLandXSSandSQLInjectionPoint="1" rows="8" cols="65"
+					<textarea 	name="blog_entry" rows="8" cols="65"
 								autofocus="autofocus"
 						<?php 
 							if ($lEnableHTMLControls) {
@@ -338,9 +316,9 @@
 
 			echo "<tr>
 					<td>{$lRowNumber}</td>
-					<td ReflectedXSSExecutionPoint=\"1\">{$lBloggerName}</td>
+					<td>{$lBloggerName}</td>
 					<td>{$lDate}</td>
-					<td ReflectedXSSExecutionPoint=\"1\">{$lComment}</td>
+					<td>{$lComment}</td>
 				</tr>\n";
 		}//end while $lRecord
 		echo "</table><div>&nbsp;</div>";		

arbitrary-file-inclusion.php

@@ -45,25 +45,6 @@
     }// end try;
 ?>
 
-<!-- Bubble hints code -->
-<?php 
-	try{
-   		$lReflectedXSSExecutionPointBallonTip = $BubbleHintHandler->getHint("ReflectedXSSExecutionPoint");
-   		$lLocalFileInclusionVulnerabilityBallonTip = $BubbleHintHandler->getHint("LocalFileInclusionVulnerability");
-	} catch (Exception $e) {
-		echo $CustomErrorHandler->FormatError($e, "Error attempting to execute query to fetch bubble hints.");
-	}// end try	
-?>
-
-<script type="text/javascript">
-	$(function() {
-		$('[ReflectedXSSExecutionPoint]').attr("title", "<?php echo $lReflectedXSSExecutionPointBallonTip; ?>");
-		$('[ReflectedXSSExecutionPoint]').balloon();
-		$('[LocalFileInclusionVulnerability]').attr("title", "<?php echo $lLocalFileInclusionVulnerabilityBallonTip; ?>");
-		$('[LocalFileInclusionVulnerability]').balloon();
-	});
-</script>
-
 <div class="page-title">Arbitrary File Inclusion</div>
 
 <?php include_once (__ROOT__.'/includes/back-button.inc');?>
@@ -75,7 +56,7 @@
 	</tr>
 	<tr><td>&nbsp;</td></tr>
 	<tr style="text-align: left;">
-		<td ReflectedXSSExecutionPoint="1" class="label">Current Page: <?php echo $lPage; ?></td>
+		<td class="label">Current Page: <?php echo $lPage; ?></td>
 	</tr>
 	<tr>
 		<td LocalFileInclusionVulnerability="1" class="label">

browser-info.php

@@ -65,25 +65,6 @@
     }// end try;
 ?>
 
-<!-- Bubble hints code -->
-<?php 
-	try{
-   		$lReflectedXSSExecutionPointBallonTip = $BubbleHintHandler->getHint("ReflectedXSSExecutionPoint");
-   		$lJavaScriptInjectionPointBallonTip = $BubbleHintHandler->getHint("JavaScriptInjectionPoint");
-	} catch (Exception $e) {
-		echo $CustomErrorHandler->FormatError($e, "Error attempting to execute query to fetch bubble hints.");
-	}// end try	
-?>
-
-<script type="text/javascript">
-	$(function() {
-		$('[ReflectedXSSExecutionPoint]').attr("title", "<?php echo $lReflectedXSSExecutionPointBallonTip; ?>");
-		$('[ReflectedXSSExecutionPoint]').balloon();
-		$('[JavaScriptInjectionPoint]').attr("title", "<?php echo $lJavaScriptInjectionPointBallonTip; ?>");
-		$('[JavaScriptInjectionPoint]').balloon();
-	});
-</script>
-
 <div class="page-title">Browser Information</div>
 
 <?php include_once (__ROOT__.'/includes/back-button.inc');?>
@@ -94,8 +75,8 @@
 	<tr><th class="report-label">Client IP</th><td class="report-data"><?php echo $lClientIP; ?></td></tr>
     <tr><th class="report-label">Client Hostname</th><td class="report-data"><?php echo $lClientHostname; ?></td></tr>
     <tr><th class="report-label">Operating System</th><td class="report-data"><?php echo $lOperatingSystem ?></td></tr>
-    <tr><th class="report-label">User Agent String</th><td class="report-data" ReflectedXSSExecutionPoint="1"><?php echo $lClientUserAgentString; ?></td></tr>
-    <tr><th class="report-label">Referrer</th><td class="report-data" ReflectedXSSExecutionPoint="1"><?php echo $lClientReferrer; ?></td></tr>
+    <tr><th class="report-label">User Agent String</th><td class="report-data"><?php echo $lClientUserAgentString; ?></td></tr>
+    <tr><th class="report-label">Referrer</th><td class="report-data"><?php echo $lClientReferrer; ?></td></tr>
     <tr><th class="report-label">Remote Client Port</th><td class="report-data"><?php echo $lClientPort; ?></td></tr>
     <tr><th class="report-label">WhoIs info for client IP</th><td class="report-data"><pre><?php echo $lWhoIsInformation; ?></pre></td></tr>
 	<?php 
@@ -105,7 +86,7 @@
 		}// end foreach
 	}else{
 		foreach ($_COOKIE as $key => $value){
-	    	echo '<tr><th class="report-label" ReflectedXSSExecutionPoint="1" class="non-wrapping-label">Cookie '.$key.'</th><td class="report-data">'.$value.'</pre></td></tr>';
+	    	echo '<tr><th class="report-label" class="non-wrapping-label">Cookie '.$key.'</th><td class="report-data">'.$value.'</pre></td></tr>';
 		}// end foreach
 	}// end if
 	?>    
@@ -154,8 +135,8 @@
 		<td class="report-data" id="id_color_depth_enabled_td"></td>
 	</tr>
 	<tr>
-		<th class="report-label" JavaScriptInjectionPoint="1">Referrer</th>
-		<td class="report-data" id="id_referrer_td" JavaScriptInjectionPoint="1"></td>
+		<th class="report-label">Referrer</th>
+		<td class="report-data" id="id_referrer_td"></td>
 	</tr>
 	<tr>
 		<th class="report-label">Plug-Ins</th>

capture-data.php

@@ -19,12 +19,6 @@
 	 * ------------------------------------------ */
 	require_once ('./includes/constants.php');
 	require_once(__ROOT__.'/includes/minimum-class-definitions.php');
-
-	/* ------------------------------------------
- 	* initialize balloon-hint handler
- 	* ------------------------------------------ */
-	require_once (__ROOT__.'/classes/BubbleHintHandler.php');
-	$BubbleHintHandler = new BubbleHintHandler(__ROOT__."/owasp-esapi-php/src/", $_SESSION["security-level"]);
 
 	/* ------------------------------------------
  	* initialize Client Information Handler
@@ -142,25 +136,6 @@
 	include_once(__ROOT__."/includes/log-visit.php");
 ?>
 
-<!-- Bubble hints code -->
-<?php 
-	try{
-   		$lReflectedXSSExecutionPointBallonTip = $BubbleHintHandler->getHint("ReflectedXSSExecutionPoint");
-   		$lSQLInjectionPointBallonTip = $BubbleHintHandler->getHint("SQLInjectionPoint");
-	} catch (Exception $e) {
-		echo $CustomErrorHandler->FormatError($e, "Error attempting to execute query to fetch bubble hints.");
-	}// end try	
-?>
-
-<script type="text/javascript">
-	$(function() {
-		$('[ReflectedXSSExecutionPoint]').attr("title", "<?php echo $lReflectedXSSExecutionPointBallonTip; ?>");
-		$('[ReflectedXSSExecutionPoint]').balloon();
-		$('[SQLInjectionPoint]').attr("title", "<?php echo $lSQLInjectionPointBallonTip; ?>");
-		$('[SQLInjectionPoint]').balloon();
-	});
-</script>
-
 <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" />
 <div class="page-title">Capture Data</div>
 
@@ -181,7 +156,7 @@
 	</tr>
 	<tr><td>&nbsp;</td></tr>
 	<tr>
-		<td SQLInjectionPoint="1">
+		<td>
 			This page is designed to capture any parameters sent and store them in a file and a database table. It loops through
 			the POST and GET parameters and records them to a file named <span class="label"><?php print $lFilename; ?></span>. On this system, the 
 			file should be found at <span class="label"><?php print $lFilepath; ?></span>. The page
@@ -191,7 +166,7 @@
 	</tr>
 	<tr><td>&nbsp;</td></tr>
 	<tr>
-		<th ReflectedXSSExecutionPoint="1">
+		<th>
 			The data captured on this request is: <?php print $lCapturedData; ?>
 		</th>
 	</tr>

captured-data.php

@@ -56,22 +56,6 @@
 
 ?>
 
-<!-- Bubble hints code -->
-<?php 
-	try{
-   		$lReflectedXSSExecutionPointBallonTip = $BubbleHintHandler->getHint("ReflectedXSSExecutionPoint");
-	} catch (Exception $e) {
-		echo $CustomErrorHandler->FormatError($e, "Error attempting to execute query to fetch bubble hints.");
-	}// end try
-?>
-
-<script type="text/javascript">
-	$(function() {
-		$('[ReflectedXSSExecutionPoint]').attr("title", "<?php echo $lReflectedXSSExecutionPointBallonTip; ?>");
-		$('[ReflectedXSSExecutionPoint]').balloon();
-	});
-</script>
-
 <script>
 	var DeleteCapturedData = function(){
 		if (window.confirm("Please confirm all captured data should be deleted")){
@@ -164,9 +148,9 @@
 					<td>{$lHostname}</td>
 					<td>{$lClientIPAddress}</td>
 					<td>{$lClientPort}</td>
-					<td ReflectedXSSExecutionPoint=\"1\">{$lClientUserAgentString}</td>
-					<td ReflectedXSSExecutionPoint=\"1\">{$lClientReferrer}</td>
-					<td ReflectedXSSExecutionPoint=\"1\">{$lData}</td>
+					<td>{$lClientUserAgentString}</td>
+					<td>{$lClientReferrer}</td>
+					<td>{$lData}</td>
 					<td>{$lCaptureDate}</td>
 				</tr>\n";
 		}//end while $row