author | Senthil Kumaran <orsenthil@gmail.com> | 2011-03-17 12:34:18 +0800 |
---|---|---|
committer | Senthil Kumaran <orsenthil@gmail.com> | 2011-03-17 12:34:18 +0800 |
commit | 5bd75ae07e1f37296e15cec1049f2826c2484564 (patch) | |
tree | b269cc0c03c1778885292fb3d535ba54d460eb40 | |
parent | dcc91c81d1fa02383d29e09db57b02c64de0333b (diff) | |
download | cpython-5bd75ae07e1f37296e15cec1049f2826c2484564.tar.gz |
Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.
Patch by Tom N. (Backported from py3k codeline).
-rw-r--r-- | Lib/SimpleHTTPServer.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Lib/SimpleHTTPServer.py b/Lib/SimpleHTTPServer.py
index 86c669ea40..286731d354 100644
--- a/Lib/SimpleHTTPServer.py
+++ b/Lib/SimpleHTTPServer.py
@@ -16,6 +16,7 @@ import BaseHTTPServer
 import urllib
 import urlparse
 import cgi
+import sys
 import shutil
 import mimetypes
 try:
@@ -132,7 +133,8 @@ class SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
 length = f.tell()
 f.seek(0)
 self.send_response(200)
- self.send_header("Content-type", "text/html")
+ encoding = sys.getfilesystemencoding()
+ self.send_header("Content-type", "text/html; charset=%s" % encoding)
 self.send_header("Content-Length", str(length))
 self.end_headers()
 return f
|
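Review bot: In the second hunk, `sys.getfilesystemencoding()` is interpolated into the header unchecked, and on Python 2 it is documented to return None on some platforms. In that case the response carries `charset=None`, which is not a valid charset label, so the browser would likely fall back to content sniffing, the behaviour this fix is meant to prevent. A fallback such as `encoding = sys.getfilesystemencoding() or sys.getdefaultencoding()` would keep the header well-formed. The enclosing method begins outside the hunk, so I cannot confirm from here that the listing bytes are actually written in the declared encoding; a short comment such as `# declare an explicit charset so browsers do not sniff the listing's encoding` would also record why the header is built this way.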