Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.

Patch by Tom N. (Backported from py3k codeline).
author: Senthil Kumaran <orsenthil@gmail.com> 2011-03-17 12:34:18 +0800
committer: Senthil Kumaran <orsenthil@gmail.com> 2011-03-17 12:34:18 +0800
commit: 5bd75ae07e1f37296e15cec1049f2826c2484564 (patch)
tree: b269cc0c03c1778885292fb3d535ba54d460eb40
parent: dcc91c81d1fa02383d29e09db57b02c64de0333b (diff)
download: cpython-5bd75ae07e1f37296e15cec1049f2826c2484564.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/Lib/SimpleHTTPServer.py b/Lib/SimpleHTTPServer.py
index 86c669ea40..286731d354 100644
--- a/Lib/SimpleHTTPServer.py
+++ b/Lib/SimpleHTTPServer.py
@@ -16,6 +16,7 @@ import BaseHTTPServer
 import urllib
 import urlparse
 import cgi
+import sys
 import shutil
 import mimetypes
 try:
@@ -132,7 +133,8 @@ class SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
         length = f.tell()
         f.seek(0)
         self.send_response(200)
-        self.send_header("Content-type", "text/html")
+        encoding = sys.getfilesystemencoding()
+        self.send_header("Content-type", "text/html; charset=%s" % encoding)
         self.send_header("Content-Length", str(length))
         self.end_headers()
         return f
author	Senthil Kumaran <orsenthil@gmail.com>	2011-03-17 12:34:18 +0800
committer	Senthil Kumaran <orsenthil@gmail.com>	2011-03-17 12:34:18 +0800
commit	5bd75ae07e1f37296e15cec1049f2826c2484564 (patch)
tree	b269cc0c03c1778885292fb3d535ba54d460eb40
parent	dcc91c81d1fa02383d29e09db57b02c64de0333b (diff)
download	cpython-5bd75ae07e1f37296e15cec1049f2826c2484564.tar.gz