<%= name %>

<% include ../partials/ruleInfo.ejs %>

Query

<% groupedSinkData.query.forEach(function(sink) { %>

<%= sink.name %>

<% if (sink.name.includes('second') || sink.name.includes('File')) { %> <% } else { %> <% } %>
<% }); %>

POST cookies

<% groupedSinkData.cookies.forEach(function(sink) { %>

<%= sink.name %>

<% ['unsafe', 'safe', 'noop'].forEach(function(safety) { %> <% if (sink.name.includes('second') || sink.name.includes('File')) { %> 

curl http://localhost:3000<%= sink.url %>/<%= safety %> -X POST -b "input=; whoami"

<% } else { %> 

curl http://localhost:3000<%= sink.url %>/<%= safety %> -X POST -b "input=test &whoami"

<% } %> <% }); %> <% }); %>
<% include ../partials/safeButtons %>