Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.

author Senthil Kumaran <orsenthil@gmail.com>

Thu, 17 Mar 2011 04:34:18 +0000 (12:34 +0800)

committer Senthil Kumaran <orsenthil@gmail.com>

Thu, 17 Mar 2011 04:34:18 +0000 (12:34 +0800)
author Senthil Kumaran <orsenthil@gmail.com>
Thu, 17 Mar 2011 04:34:18 +0000 (12:34 +0800)
committer Senthil Kumaran <orsenthil@gmail.com>
Thu, 17 Mar 2011 04:34:18 +0000 (12:34 +0800)
diff --git a/Lib/SimpleHTTPServer.py b/Lib/SimpleHTTPServer.py

index 86c669ea409ed07b979a46bb75e39c6769136f02..286731d354952a6da25de9df29d21812c94b15cf 100644 (file)
--- a/Lib/SimpleHTTPServer.py
+++ b/Lib/SimpleHTTPServer.py
@@ -16,6 +16,7 @@ import BaseHTTPServer
  import urllib
  import urlparse
  import cgi
+import sys
  import shutil
  import mimetypes
  try:
@@ -132,7 +133,8 @@ class SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
          length = f.tell()
          f.seek(0)
          self.send_response(200)
-        self.send_header("Content-type", "text/html")
+        encoding = sys.getfilesystemencoding()
+        self.send_header("Content-type", "text/html; charset=%s" % encoding)
          self.send_header("Content-Length", str(length))
          self.end_headers()
          return f
author	Senthil Kumaran <orsenthil@gmail.com>
	Thu, 17 Mar 2011 04:34:18 +0000 (12:34 +0800)
committer	Senthil Kumaran <orsenthil@gmail.com>
	Thu, 17 Mar 2011 04:34:18 +0000 (12:34 +0800)