httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Same document encoed differently on 1.3 and 2.0
Date Tue, 16 Nov 2004 20:40:16 GMT
On Tue, 16 Nov 2004, Predrag Lezaic wrote:

> >> It should say whatever character set your clients have used to encode
> >> their documents.  A good guess is ISO-8859-1, which is the default as
> >> distributed from httpd.apache.org.

Indeed.  On a server with multiple unprivileged users you might want to
enable them to set it in .htaccess, and document the fact.

> > Or it could say "Off", which I prefer; this allows individual HTML
> > documents to declare their character set using meta headers.  These
> > headers are overwritten by the AddDefaultCharset directive.

The <meta ...> thing is a nasty hack, and falls down completely for
non-HTML documents, or even for HTML in a character set that's not
a superset of ASCII.

> > There is a potential security issue here though; something to do with
> > cross-site scripting and an Internet Explorer bug I think.

That's quite old now; I'm not sure if it's still relevant.  But there
are other concerns, especially if you serve XML - where the browser
MUST treat it as plain ASCII if no charset is set in the HTTP headers.

It really is worthwhile getting this right!

If you want support for HTML <meta http-equiv ...>, you can use a module
such as mod_publisher that converts them to a real HTTP headers.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message