httpd-dev mailing list archives

From "William A. Rowe, Jr."
Subject Re: Adding charset to canned responses
Date Sat, 29 Dec 2007 17:41:48 GMT
Nick Kew wrote:
> From 2.2.x/STATUS:
>    * Various modules: Add explicit charset to the output of various
> modules to work around possible cross-site scripting flaws affecting
> web browsers that do not derive the response character set as required
> by RFC2616.
> Two comments on that: the first trivial, the second more serious:
> 1. Is ISO-8859-1 right for these?  Sure, it's not wrong (unless
>    as in (2) below), but why not label it as plain ASCII?

They are all text/html.  RFC2616 clearly defined them as ISO-8859-1
in the absence of any other charset tag.
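
An added example, not part of the original message or of httpd's own code: a small Python check that flags `text/html` responses sent without an explicit `charset` parameter, the condition the STATUS entry quoted above is meant to eliminate. The sample header blocks and the function names are constructed for illustration.

```python
import email

# Constructed header blocks for illustration; not taken from the thread.
SAMPLES = {
    "error-page": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
    "labelled": "HTTP/1.1 404 Not Found\r\n"
                "Content-Type: text/html; charset=iso-8859-1\r\n\r\n",
    "quoted": 'HTTP/1.1 200 OK\r\ncontent-type: TEXT/HTML; Charset="UTF-8"\r\n\r\n',
    "empty-charset": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=\r\n\r\n",
    "image": "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n",
    "no-type": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n",
}


def charset_finding(raw_response: str) -> str:
    """Classify one raw HTTP response by how its text/html body is labelled."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    _status, _, header_block = head.partition("\r\n")
    # HTTP header fields share the RFC 822 shape, so the email parser handles
    # case-insensitive names and quoted parameter values for us.
    msg = email.message_from_string(header_block)
    if msg.get("Content-Type") is None:
        return "no-content-type"
    if msg.get_content_type() != "text/html":
        return "not-html"
    charset = msg.get_param("charset")  # None if absent; quotes are stripped
    if not charset or not charset.strip():
        # The browser is left to derive (or guess) the character set.
        return "missing-charset"
    return "explicit:" + charset.strip().lower()


def audit(samples: dict) -> dict:
    """Map each sample name to its finding."""
    return {name: charset_finding(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(f"{name:14} {finding}")
```
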
