<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
8ball.html
Magic 8-ball XSS security demo
INFO 343 Autumn 2011, Morgan Doocy
(from CSE 190 M, Marty Stepp)
-->
<head>
<title>Magic 8-Ball</title>
<link href="8ball.css" type="text/css" rel="stylesheet" />
<script src="http://ajax.googleapis.com/ajax/libs/prototype/1.7.0.0/prototype.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js" type="text/javascript"></script>
<script src="8ball.js" type="text/javascript"></script>
</head>
<body>
<h1>The Magic 8-Ball Page</h1>
<p>Type any yes/no question, and the magic 8-ball will answer it for you.</p>
<fieldset>
<legend>Your question:</legend>
<input type="text" id="questioninput" size="80" value="Am I really sexy?" />
<button id="ask">Ask the 8-ball</button>
</fieldset>
<!-- this portion is hidden by the JavaScript code initially -->
<div id="response">
<p>In response to your question, <strong id="questionoutput"><!-- question gets re-inserted here --></strong>, the answer is:</p>
<div id="eightball">
<span id="answer"><!-- 8-ball's answer goes here --></span>
</div>
</div>
</body>
</html>