</IfModule>
<IfModule mod_mime.c>
- #
- # Specify a default charset for all pages sent out. This is
- # always a good idea and opens the door for future internationalisation
- # of your web site, should you ever want it. Specifying it as
- # a default does little harm; as the standard dictates that a page
- # is in iso-8859-1 (latin1) unless specified otherwise i.e. you
- # are merely stating the obvious. There are also some security
- # reasons in browsers, related to javascript and URL parsing
- # which encourage you to always set a default char set.
- #
- AddDefaultCharset ISO-8859-1
-
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
#
ForceLanguagePriority Prefer Fallback
-#
-# Specify a default charset for all pages sent out. This is
-# always a good idea and opens the door for future internationalisation
-# of your web site, should you ever want it. Specifying it as
-# a default does little harm; as the standard dictates that a page
-# is in iso-8859-1 (latin1) unless specified otherwise i.e. you
-# are merely stating the obvious. There are also some security
-# reasons in browsers, related to javascript and URL parsing
-# which encourage you to always set a default char set.
-#
-AddDefaultCharset ISO-8859-1
-
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
<directivesynopsis>
<name>AddDefaultCharset</name>
-<description>Default character set to be added for a
-response without an explicit character set</description>
+<description>Default charset parameter to be added when a response
+content-type is "text/plain" or "text/html"</description>
<syntax>AddDefaultCharset On|Off|<var>charset</var></syntax>
<default>AddDefaultCharset Off</default>
<contextlist><context>server config</context>
<override>FileInfo</override>
<usage>
- <p>This directive specifies the name of the character set that
- will be added to any response that does not have any parameter on
- the content type in the HTTP headers. This will override any
- character set specified in the body of the document via a
- <code>META</code> tag. A setting of <code>AddDefaultCharset
- Off</code> disables this
- functionality. <code>AddDefaultCharset On</code> enables
- Apache's internal default charset of <code>iso-8859-1</code> as
- required by the directive. You can also specify an alternate
- <var>charset</var> to be used. For example:</p>
+ <p>This directive specifies a default value for the media type
+ charset parameter (the name of a character encoding) to be added
+ to a response if and only if the response's content-type is either
+ "text/plain" or "text/html". This should override any charset
+ specified in the body of the document via a <code>META</code> tag,
+ though the exact behavior is often dependent on the user's client
+ configuration. A setting of <code>AddDefaultCharset Off</code>
+ disables this functionality. <code>AddDefaultCharset On</code> enables
+ a default charset of <code>iso-8859-1</code>. Any other value is assumed
+ to be the <var>charset</var> to be used, which should be one of the
+ <a href="http://www.iana.org/assignments/character-sets">IANA registered
+ charset values</a> for use in MIME media types.
+ For example:</p>
<example>
AddDefaultCharset utf-8
</example>
+
+ <p><code>AddDefaultCharset</code> should only be used when all
+ of the text resources to which it applies are known to be in that
+ character encoding and it is too inconvenient to label their charset
+ individually. One such example is to add the charset parameter
+ to resources containing generated content, such as legacy CGI
+ scripts, that might be vulnerable to cross-site scripting attacks
+ due to user-provided data being included in the output. Note, however,
+ that a better solution is to just fix (or delete) those scripts, since
+ setting a default charset does not protect users that have enabled
+ the "auto-detect character encoding" feature on their browser.</p>
</usage>
+<seealso><directive module="mod_mime">AddCharset</directive></seealso>
</directivesynopsis>
<directivesynopsis>
projects / apache / commitdiff